CVE 8.6 HIGH

Nagios XI Privilege Escalation via Writable PHP Include Executed with Sudo_CVE-2025-34288

December 16, 2025 invoker category_cve

8.6 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

Nagios XI versions prior to 2026R1.1 are vulnerable to local privilege escalation due to an unsafe interaction between sudo permissions and application file permissions. A user‑accessible maintenance script may be executed as root via sudo and includes an application file that is writable by a lower‑privileged user. A local attacker with access to the application account can modify this file to introduce malicious code, which is then executed with elevated privileges when the script is run. Successful exploitation results in arbitrary code execution as the root user.

AI Analysis

Local privilege escalation vulnerability in Nagios XI due to unsafe interaction between sudo permissions and application file permissions, allowing arbitrary code execution as root.

Basic Information

ID CVE-2025-34288

Source VulnCheck

Published Dec 16, 2025 at 22:17

Affected Product

Vendor Nagios Enterprises

Product Nagios XI

Version prior to 2026R1.1

Affected Versions Nagios Enterprises Nagios XI 0

CWE Classification

CWE-732

AI Assessment

AI Score 8.6 / 10

AI Severity High

Vendor Nagios Enterprises

Product Nagios XI

Version prior to 2026R1.1

References

{
    "lastseen": "",
    "description": "Nagios XI versions prior to 2026R1.1 are vulnerable to local privilege escalation due to an unsafe interaction between sudo permissions and application file permissions. A user\u2011accessible maintenance script may be executed as root via sudo and includes an application file that is writable by a lower\u2011privileged user. A local attacker with access to the application account can modify this file to introduce malicious code, which is then executed with elevated privileges when the script is run. Successful exploitation results in arbitrary code execution as the root user.",
    "published": "2025-12-16T22:17:02.004Z",
    "modified": "2025-12-16T22:17:02.004Z",
    "type": "cve",
    "title": "Nagios XI Privilege Escalation via Writable PHP Include Executed with Sudo",
    "source": "VulnCheck",
    "references": "https://www.nagios.com/changelog/nagios-xi/2026r1-1/\nhttps://www.vulncheck.com/advisories/nagios-xi-privilege-escalation-via-writable-php-include-executed-with-sudo",
    "id": "CVE-2025-34288",
    "bulletinFamily": "",
    "cwe": [
        "CWE-732"
    ],
    "cvelist": null,
    "sourceData": "Nagios Enterprises Nagios XI 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.6,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Nagios XI",
    "version": "prior to 2026R1.1",
    "vendor": "Nagios Enterprises",
    "ai_description": "Local privilege escalation vulnerability in Nagios XI due to unsafe interaction between sudo permissions and application file permissions, allowing arbitrary code execution as root.",
    "ai_severity": "High",
    "ai_vendor": "Nagios Enterprises",
    "ai_product": "Nagios XI",
    "ai_version": "prior to 2026R1.1",
    "ai_score": 8.6
}

💭 Join the Security Discussion ❌ Cancel Reply