vulnerability

Nagios Log Server: CVE-2025-44823: Exposure of Sensitive System Information to an Unauthorized Control Sphere

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
9	(AV:N/AC:L/Au:S/C:C/I:C/A:C)	Oct 7, 2025	Oct 8, 2025	Oct 8, 2025

Severity

CVSS

(AV:N/AC:L/Au:S/C:C/I:C/A:C)

Published

Oct 7, 2025

Added

Oct 8, 2025

Modified

Oct 8, 2025

Description

Nagios Log Server before 2024R1.3.2 allows authenticated users to retrieve cleartext administrative API keys via a /nagioslogserver/index.php/api/system/get_users call. This is GL:NLS#475.

Solution

nagios-log-server-upgrade-latest

References

CVE-2025-44823
https://attackerkb.com/topics/CVE-2025-44823
URL-https://www.exploit-db.com/exploits/52177
URL-https://www.nagios.com/changelog/#log-server
CWE-497

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today