Nagios Log Server < 2024R1.3.2 Set Email Privilege Escalation

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

Nagios Log Server versions prior to 2024R1.3.2 contain a privilege escalation vulnerability in the account email-change workflow. A user could set their own email to an invalid value and, due to insufficient validation and authorization checks tied to email identity state, trigger inconsistent account state that granted elevated privileges or bypassed intended access controls.

AI Analysis

Privilege escalation vulnerability in Nagios Log Server account email-change workflow

Basic Information

ID CVE-2025-34298

Source VulnCheck

Published Oct 30, 2025 at 21:25

Affected Product

Vendor Nagios

Product Log Server

Affected Versions Nagios Log Server 0

CWE Classification

CWE-281

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor Nagios

Product Log Server

Version < 2024R1.3.2

References

{
    "lastseen": "",
    "description": "Nagios Log Server versions prior to 2024R1.3.2 contain a privilege escalation vulnerability in the account email-change workflow. A user could set their own email to an invalid value and, due to insufficient validation and authorization checks tied to email identity state, trigger inconsistent account state that granted elevated privileges or bypassed intended access controls.",
    "published": "2025-10-30T21:25:52.056Z",
    "modified": "2025-10-30T21:25:52.056Z",
    "type": "cve",
    "title": "Nagios Log Server < 2024R1.3.2 Set Email Privilege Escalation",
    "source": "VulnCheck",
    "references": "https://www.nagios.com/changelog/nagios-log-server-2024r1/\nhttps://www.vulncheck.com/advisories/nagios-log-server-set-email-privilege-escalation",
    "id": "CVE-2025-34298",
    "bulletinFamily": "",
    "cwe": [
        "CWE-281"
    ],
    "cvelist": null,
    "sourceData": "Nagios Log Server 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Log Server",
    "version": "0",
    "vendor": "Nagios",
    "ai_description": "Privilege escalation vulnerability in Nagios Log Server account email-change workflow",
    "ai_severity": "High",
    "ai_vendor": "Nagios",
    "ai_product": "Log Server",
    "ai_version": "< 2024R1.3.2",
    "ai_score": 8.7
}

Nagios Log Server < 2024R1.3.2 Set Email Privilege Escalation_CVE-2025-34298