CVE-2023-53948
Published: 19 December 2025
Summary
CVE-2023-53948 is a critical-severity OS Command Injection (CWE-78) vulnerability in Nagios (inferred from references). Its CVSS base score is 9.3 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked in the top 48.2% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2023-53948 is a remote code execution vulnerability (CWE-78) in Lilac-Reloaded for Nagios version 2.0.8. The flaw exists in the autodiscovery feature due to a lack of input filtering on the nmap_binary parameter, enabling attackers to inject arbitrary commands.
Unauthenticated remote attackers can exploit this vulnerability over the network with low complexity by sending a crafted POST request to the autodiscovery endpoint. Successful exploitation allows execution of arbitrary commands, such as establishing a reverse shell, resulting in high impacts on confidentiality, integrity, and availability as reflected in the CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Advisories from VulnCheck detail the remote code execution via autodiscovery, while Exploit-DB hosts a proof-of-concept exploit (ID 51374), and the Nagios Exchange page provides information on the affected Lilac-Reloaded addon. Security practitioners should review these references for mitigation recommendations and updates.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-204593
Vulnerability details
Lilac-Reloaded for Nagios 2.0.8 contains a remote code execution vulnerability in the autodiscovery feature that allows attackers to inject arbitrary commands. Attackers can exploit the lack of input filtering in the nmap_binary parameter to execute a reverse shell by sending a crafted POST request to the autodiscovery endpoint.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
CVE-2023-53948 enables remote code execution through OS command injection in a public-facing Nagios plugin's autodiscovery endpoint, directly facilitating T1190 (Exploit Public-Facing Application) for initial access and T1059.004 (Unix Shell) for arbitrary command execution.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Directly addresses the lack of input filtering on the nmap_binary parameter by requiring validation of user-supplied inputs to prevent command injection and arbitrary code execution.
Ensures timely identification, reporting, and remediation of the specific RCE flaw in Lilac-Reloaded version 2.0.8, preventing exploitation through patching or compensating controls.
Enforces least privilege on the process handling the autodiscovery endpoint, limiting the impact and scope of arbitrary command execution even if injection occurs.
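The input-validation control described above, sketched as an added example (not Lilac-Reloaded's own code, and written in Python for illustration): the nmap_binary field is accepted only on an exact allow-list match, and the result is an argv list meant for execution without a shell. The allow-listed paths, the function names, the target handling and the sample bodies are assumptions constructed for this example.

```python
import ipaddress
from urllib.parse import parse_qs

# Assumption: the only nmap executables this host may run.
ALLOWED_NMAP_BINARIES = frozenset({"/usr/bin/nmap", "/usr/local/bin/nmap"})


class RejectedInput(ValueError):
    """Raised when a request field fails validation."""


def validate_nmap_binary(value):
    """Exact allow-list match; no metacharacter blacklist to get wrong."""
    if value not in ALLOWED_NMAP_BINARIES:
        raise RejectedInput(f"nmap_binary not in allow-list: {value!r}")
    return value


def build_scan_argv(form_body, target):
    """Parse a form-encoded POST body and return an argv list for nmap.

    The list is intended for subprocess.run(argv, shell=False), so no
    shell ever interprets the submitted values.
    """
    values = parse_qs(form_body, keep_blank_values=True).get("nmap_binary", [])
    if len(values) != 1:  # missing or duplicated parameter
        raise RejectedInput("expected exactly one nmap_binary field")
    binary = validate_nmap_binary(values[0])
    try:
        network = ipaddress.ip_network(target, strict=False)
    except ValueError as exc:
        raise RejectedInput(f"target is not an IP or CIDR: {target!r}") from exc
    return [binary, "-sn", str(network)]


def rejected_bodies(bodies, target="192.0.2.0/24"):
    """Return the bodies that fail validation (useful for log review)."""
    bad = []
    for body in bodies:
        try:
            build_scan_argv(body, target)
        except RejectedInput:
            bad.append(body)
    return bad


# Constructed sample POST bodies, not captured traffic.
SAMPLE_BODIES = [
    "nmap_binary=%2Fusr%2Fbin%2Fnmap",                 # approved path
    "nmap_binary=%2Fusr%2Fbin%2Fnmap%3B+id",           # trailing shell command
    "nmap_binary=nmap",                                # relative name, PATH-dependent
    "nmap_binary=%2Fusr%2Fbin%2Fnmap&nmap_binary=sh",  # duplicated field
]
```

Calling `rejected_bodies(SAMPLE_BODIES)` returns every sample except the first, which makes the same function usable for reviewing captured request bodies.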