Nagios Network Analyzer < 2024R2.0.1 RCE in LDAP Certificate Removal Function

8.6 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

Nagios Network Analyzer versions prior to 2024R2.0.1 contain a vulnerability in the LDAP certificate management functionality whereby the certificate removal operation fails to apply adequate input sanitation. An authenticated administrator can trigger command execution on the underlying host in the context of the web application service, resulting in remote code execution with the service's privileges.

AI Analysis

Remote code execution vulnerability in Nagios Network Analyzer's LDAP certificate removal function

Basic Information

ID CVE-2025-34280

Source VulnCheck

Published Oct 30, 2025 at 21:27

Affected Product

Vendor Nagios

Product Network Analyzer

Affected Versions Nagios Network Analyzer 0

CWE Classification

CWE-78

AI Assessment

AI Score 8.6 / 10

AI Severity High

Vendor Nagios

Product Network Analyzer

Version < 2024R2.0.1

References

{
    "lastseen": "",
    "description": "Nagios\u00a0Network Analyzer versions prior to\u00a02024R2.0.1 contain a vulnerability in the LDAP certificate management functionality whereby the certificate removal operation fails to apply adequate input sanitation. An authenticated administrator can trigger command execution on the underlying host in the context of the web application service, resulting in remote code execution with the service's privileges.",
    "published": "2025-10-30T21:27:41.203Z",
    "modified": "2025-10-30T21:27:41.203Z",
    "type": "cve",
    "title": "Nagios\u00a0Network Analyzer < 2024R2.0.1 RCE in LDAP Certificate Removal Function",
    "source": "VulnCheck",
    "references": "https://www.nagios.com/products/security/#network-analyzer\nhttps://www.nagios.com/changelog/nagios-network-analyzer/\nhttps://www.vulncheck.com/advisories/nagios-network-analyzer-rce-in-ldap-certificate-removal-function",
    "id": "CVE-2025-34280",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78"
    ],
    "cvelist": null,
    "sourceData": "Nagios Network Analyzer 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.6,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Network Analyzer",
    "version": "0",
    "vendor": "Nagios",
    "ai_description": "Remote code execution vulnerability in Nagios Network Analyzer's LDAP certificate removal function",
    "ai_severity": "High",
    "ai_vendor": "Nagios",
    "ai_product": "Network Analyzer",
    "ai_version": "< 2024R2.0.1",
    "ai_score": 8.6
}

Nagios Network Analyzer < 2024R2.0.1 RCE in LDAP Certificate Removal Function_CVE-2025-34280