Nagios XI < 2024R1.4.2 API Key Disclosure via Neptune Themes

7.1 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Description

Nagios XI versions prior to 2024R1.4.2 revealed API keys to users who were not authorized for API access when using Neptune themes. An authenticated user without API privileges could view another user's or their own API key value.

Basic Information

ID CVE-2025-34283

Source VulnCheck

Published Oct 30, 2025 at 21:29

Affected Product

Vendor Nagios

Product XI

CWE Classification

CWE-497

References

{
    "lastseen": "",
    "description": "Nagios XI versions prior to\u00a02024R1.4.2\u00a0revealed API keys to users who were not authorized for API access when using Neptune themes. An authenticated user without API privileges could view another user's or their own API key value.",
    "published": "2025-10-30T21:29:37.293Z",
    "modified": "2025-10-30T21:29:37.293Z",
    "type": "cve",
    "title": "Nagios XI < 2024R1.4.2 API Key Disclosure via Neptune Themes",
    "source": "VulnCheck",
    "references": "https://www.nagios.com/products/security/#nagios-xi\nhttps://www.nagios.com/changelog/nagios-xi/\nhttps://www.vulncheck.com/advisories/nagios-xi-api-key-disclosure-via-neptune-themes",
    "id": "CVE-2025-34283",
    "bulletinFamily": "",
    "cwe": [
        "CWE-497"
    ],
    "cvelist": null,
    "sourceData": "",
    "sourceHref": "",
    "cvss": {
        "score": 7.1,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "XI",
    "version": "0",
    "vendor": "Nagios",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Nagios XI < 2024R1.4.2 API Key Disclosure via Neptune Themes_CVE-2025-34283