Cyber Resilience

CVE-2012-10063

Severity: High · Public PoC

Published: 30 October 2025
Modified: 06 November 2025
KEV Added: not listed
Patch:
CVSS Score (v4): 8.7 (vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0141 (80.9th percentile)
Risk Priority: 18 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2012-10063 is a high-severity SQL injection (CWE-89) vulnerability in Nagios XI (vendor: Nagios). Its CVSS base score is 8.7 (High).

Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 19.1% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a referenced public proof-of-concept.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2012-10063 is a SQL injection vulnerability (CWE-89) affecting Nagios XI versions prior to 2012R1.3, specifically in the legacy Core Configuration Manager (CCM) interface. The flaw allows authenticated users to manipulate SQL queries by supplying crafted input to certain CCM parameters, enabling unauthorized access to configuration data stored in the application's database. It has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity with high potential for confidentiality, integrity, and availability impacts.

An attacker with authenticated access to the Nagios XI instance can exploit this vulnerability remotely over the network with low complexity and no user interaction required. Successful exploitation enables disclosure or modification of notification data and, in some cases, broader impacts on the application database, such as unauthorized data access or alteration.

Mitigation involves upgrading to Nagios XI 2012R1.3 or later, as indicated by the affected version range. Additional details are available in the Nagios XI changelog at https://www.nagios.com/changelog/nagios-xi/ and the VulnCheck advisory at https://www.vulncheck.com/advisories/nagios-xi-authenticated-sqli-in-legacy-ccm.

Vulnerability details

Nagios XI versions prior to 2012R1.3 contain a SQL injection vulnerability in the legacy Core Configuration Manager (CCM) interface. Authenticated users could manipulate SQL queries by supplying crafted input to specific CCM parameters, potentially allowing access to configuration data stored in the application database. Successful exploitation could disclose or modify notification data and, in some cases, impact the application database more broadly.

CWE(s)

CWE-89 (SQL Injection)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-assigned)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1213.006 Databases (Collection)
Adversaries may leverage databases to mine valuable information.
Why these techniques?

SQL injection in the public-facing Nagios XI web application enables initial access through exploitation (T1190) and unauthorized database access or modification (T1213.006).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2020-36859 (same product: Nagios XI)
CVE-2016-15050 (same product: Nagios XI)
CVE-2025-67255 (same product: Nagios XI)
CVE-2021-47693 (same product: Nagios XI)
CVE-2024-13986 (same product: Nagios XI)
CVE-2020-36867 (same product: Nagios XI)
CVE-2023-7317 (same product: Nagios XI)
CVE-2025-34284 (same product: Nagios XI)
CVE-2024-13999 (same product: Nagios XI)
CVE-2024-14005 (same product: Nagios XI)

Affected Assets

Vendor: nagios
Product: nagios xi
Versions: 2012 · ≤ 2011

Mitigating Controls (NIST 800-53 r5, AI-assigned)

SI-10 Information Input Validation (prevent)
Directly prevents SQL injection attacks by validating and sanitizing crafted inputs to CCM parameters before they reach the database.

SI-2 Flaw Remediation (prevent)
Mitigates the specific flaw by applying security patches or upgrading to Nagios XI 2012R1.3 or later as recommended.

Vulnerability scanning (detect)
Identifies SQL injection vulnerabilities like CVE-2012-10063 through regular vulnerability scanning of the Nagios XI application.
