CVE-2025-28131

A Broken Access Control vulnerability in Nagios Network Analyzer 2024R1.0.3 allows low-privilege users with "Read-Only" access to perform administrative actions, including stopping system services and deleting critical resources. This flaw arises due to improper authorization enforcement, enabling unauthorized modifications that compromise system integrity and availability.

Configurations

Configuration 1

cpe:2.3:a:nagios:nagios_network_analyzer:2024:r1.0.3:*:*:*:*:*:*

History

20 Jun 2025, 15:29

Type | Values Removed | Values Added
CPE | | cpe:2.3:a:nagios:nagios_network_analyzer:2024:r1.0.3:*:*:*:*:*:*
Summary | | (es) A Broken Access Control vulnerability in Nagios Network Analyzer 2024R1.0.3 allows low-privilege users with "Read-Only" access to perform administrative actions, such as stopping system services and deleting critical resources. This flaw arises from incorrect enforcement of authorization, which allows unauthorized modifications that compromise the integrity and availability of the system.
References | https://github.com/harshal79/Privilege-Escalation-in-Nagios-Network-Analyzer.git | https://github.com/harshal79/Privilege-Escalation-in-Nagios-Network-Analyzer.git - Third Party Advisory
References | https://www.nagios.com/changelog/#network-analyzer | https://www.nagios.com/changelog/#network-analyzer - Release Notes
First Time | | Nagios nagios Network Analyzer; Nagios

01 Apr 2025, 20:15

Type | Values Removed | Values Added
CVSS | v2 : unknown; v3 : unknown | v2 : unknown; v3 : 4.6
CWE | | CWE-285

01 Apr 2025, 17:15

Type | Values Removed | Values Added
New CVE | |

Information

Published : 2025-04-01 17:15

Updated : 2025-06-20 15:29


NVD link : CVE-2025-28131

Mitre link : CVE-2025-28131

CVE.ORG link : CVE-2025-28131



Products Affected

nagios

  • nagios_network_analyzer

CWE
CWE-285

Improper Authorization