Cyber Resilience

CVE-2023-53948

Critical · Public PoC · RCE

Published: 19 December 2025

Modified: 15 April 2026
KEV Added
Patch
CVSS Score v4: 9.3 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0080 (51.8th percentile)
Risk Priority: 19 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-53948 is a critical-severity OS Command Injection (CWE-78) vulnerability in Nagios (inferred from references). Its CVSS base score is 9.3 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 48.2% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2023-53948 is a remote code execution vulnerability (CWE-78) in Lilac-Reloaded for Nagios version 2.0.8. The flaw exists in the autodiscovery feature due to a lack of input filtering on the nmap_binary parameter, enabling attackers to inject arbitrary commands.

Unauthenticated remote attackers can exploit this vulnerability over the network with low complexity by sending a crafted POST request to the autodiscovery endpoint. Successful exploitation allows execution of arbitrary commands, such as establishing a reverse shell, resulting in high impacts on confidentiality, integrity, and availability as reflected in the CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Advisories from VulnCheck detail the remote code execution via autodiscovery, while Exploit-DB hosts a proof-of-concept exploit (ID 51374), and the Nagios Exchange page provides information on the affected Lilac-Reloaded addon. Security practitioners should review these references for mitigation recommendations and updates.

EU & UK References

Vulnerability details

Lilac-Reloaded for Nagios 2.0.8 contains a remote code execution vulnerability in the autodiscovery feature that allows attackers to inject arbitrary commands. Attackers can exploit the lack of input filtering in the nmap_binary parameter to execute a reverse shell by sending a crafted POST request to the autodiscovery endpoint.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059.004 Unix Shell (Execution)
Adversaries may abuse Unix shell commands and scripts for execution.
Why these techniques?

CVE-2023-53948 enables remote code execution through OS command injection in a public-facing Nagios plugin's autodiscovery endpoint, directly facilitating T1190 (Exploit Public-Facing Application) for initial access and T1059.004 (Unix Shell) for arbitrary command execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2024-57012 (shared CWE-78)
CVE-2025-56086 (shared CWE-78)
CVE-2025-0356 (shared CWE-78)
CVE-2026-25244 (shared CWE-78)
CVE-2026-23774 (shared CWE-78)
CVE-2026-4622 (shared CWE-78)
CVE-2025-56092 (shared CWE-78)
CVE-2025-2257 (shared CWE-78)
CVE-2025-9972 (shared CWE-78)
CVE-2026-28384 (shared CWE-78)

Affected Assets

Nagios
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

prevent

Directly addresses the lack of input filtering on the nmap_binary parameter by requiring validation of user-supplied inputs to prevent command injection and arbitrary code execution.

prevent

Ensures timely identification, reporting, and remediation of the specific RCE flaw in Lilac-Reloaded version 2.0.8, preventing exploitation through patching or compensating controls.

prevent

Enforces least privilege on the process handling the autodiscovery endpoint, limiting the impact and scope of arbitrary command execution even if injection occurs.
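
The input-validation control described above, sketched as an added example: this is not Lilac-Reloaded's code (the page does not show it), and it is written in Python for illustration. The allowlist paths, the `target` field name, the function names and the `-sn` scan option are assumptions; only `nmap_binary` comes from the advisory.

```python
import ipaddress
import os

# Assumption: the only locations where an administrator installed nmap.
ALLOWED_NMAP_BINARIES = frozenset({"/usr/bin/nmap", "/usr/local/bin/nmap"})


class RejectedInput(ValueError):
    """Raised when a request field fails validation."""


def validate_nmap_binary(value):
    """Accept only an exact, canonical path that is on the allowlist."""
    if not isinstance(value, str) or "\x00" in value:
        raise RejectedInput("nmap_binary: not a plain string")
    # normpath collapses "..", "." and "//"; requiring the input to already
    # be canonical rejects alternate spellings of an allowed path.
    canonical = os.path.normpath(value)
    if canonical != value or canonical not in ALLOWED_NMAP_BINARIES:
        raise RejectedInput("nmap_binary: not an allowed binary path")
    return canonical


def validate_target(value):
    """Accept a single IP address or CIDR range, nothing else."""
    try:
        return str(ipaddress.ip_network(value, strict=False))
    except (ValueError, TypeError) as exc:
        raise RejectedInput("target: not an IP address or CIDR range") from exc


def build_scan_argv(form):
    """Return an argv list meant for subprocess.run(argv, shell=False)."""
    binary = validate_nmap_binary(form.get("nmap_binary", ""))
    target = validate_target(form.get("target", ""))
    # Each element is passed to the OS as one argument; no shell parses it.
    return [binary, "-sn", target]


def is_rejected(form):
    """True when the request would be refused before any process starts."""
    try:
        build_scan_argv(form)
    except RejectedInput:
        return True
    return False
```

Rejections are a useful detection signal: a value for `nmap_binary` that is not on the allowlist has no legitimate source and is worth logging with the client address.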

References