CVE-2025-28131

A Broken Access Control vulnerability in Nagios Network Analyzer 2024R1.0.3 allows low-privilege users with "Read-Only" access to perform administrative actions, including stopping system services and deleting critical resources. This flaw arises due to improper authorization enforcement, enabling unauthorized modifications that compromise system integrity and availability.

CVSS v3 4.6 MEDIUM

4.6^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.1 / Impact : 2.5

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://github.com/harshal79/Privilege-Escalation-in-Nagios-Network-Analyzer.git	Third Party Advisory
https://www.nagios.com/changelog/#network-analyzer	Release Notes

Configurations

Configuration 1 (hide)

cpe:2.3:a:nagios:nagios_network_analyzer:2024:r1.0.3:*:*:*:*:*:*

History

20 Jun 2025, 15:29

Type	Values Removed	Values Added
CPE		cpe:2.3:a:nagios:nagios_network_analyzer:2024:r1.0.3::::::
Summary		(es) Una vulnerabilidad de control de acceso erróneo en Nagios Network Analyzer 2024R1.0.3 permite a usuarios con privilegios bajos y acceso de "Solo lectura" realizar acciones administrativas, como detener servicios del sistema y eliminar recursos críticos. Esta falla surge debido a una aplicación incorrecta de autorizaciones, lo que permite modificaciones no autorizadas que comprometen la integridad y la disponibilidad del sistema.
References	~~() https://github.com/harshal79/Privilege-Escalation-in-Nagios-Network-Analyzer.git -~~	() https://github.com/harshal79/Privilege-Escalation-in-Nagios-Network-Analyzer.git - Third Party Advisory
References	~~() https://www.nagios.com/changelog/#network-analyzer -~~	() https://www.nagios.com/changelog/#network-analyzer - Release Notes
First Time		Nagios nagios Network Analyzer Nagios

01 Apr 2025, 20:15

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 4.6
CWE		CWE-285

01 Apr 2025, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-01 17:15

Updated : 2025-06-20 15:29

NVD link : CVE-2025-28131

Mitre link : CVE-2025-28131

CVE.ORG link : CVE-2025-28131

JSON object : View

Products Affected

nagios

nagios_network_analyzer

CWE

CWE-285

Improper Authorization

{"id": "CVE-2025-28131", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.6, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 2.5, "exploitabilityScore": 2.1}]}, "published": "2025-04-01T17:15:46.493", "references": [{"url": "https://github.com/harshal79/Privilege-Escalation-in-Nagios-Network-Analyzer.git", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.nagios.com/changelog/#network-analyzer", "tags": ["Release Notes"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-285"}]}], "descriptions": [{"lang": "en", "value": "A Broken Access Control vulnerability in Nagios Network Analyzer 2024R1.0.3 allows low-privilege users with \"Read-Only\" access to perform administrative actions, including stopping system services and deleting critical resources. This flaw arises due to improper authorization enforcement, enabling unauthorized modifications that compromise system integrity and availability."}, {"lang": "es", "value": "Una vulnerabilidad de control de acceso err\u00f3neo en Nagios Network Analyzer 2024R1.0.3 permite a usuarios con privilegios bajos y acceso de \"Solo lectura\" realizar acciones administrativas, como detener servicios del sistema y eliminar recursos cr\u00edticos. Esta falla surge debido a una aplicaci\u00f3n incorrecta de autorizaciones, lo que permite modificaciones no autorizadas que comprometen la integridad y la disponibilidad del sistema."}], "lastModified": "2025-06-20T15:29:29.887", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nagios:nagios_network_analyzer:2024:r1.0.3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B666B189-86A9-407E-8943-7C5ADCF2A4BF"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

4.6 /10