CVE-2025-34271
Published: 30 October 2025
Summary
CVE-2025-34271 is a critical-severity Cleartext Transmission of Sensitive Information (CWE-319) vulnerability in Nagios Log Server. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Network Sniffing (T1040). The CVE ranks in the top 22.3% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 SC-13 (Cryptographic Protection) and SC-8 (Transmission Confidentiality and Integrity).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Directly requires cryptographic protection for the confidentiality and integrity of sensitive credentials transmitted between cluster nodes over network paths.
Mandates implementation of cryptographic mechanisms to prevent unauthorized disclosure of sensitive information like credentials during transmission.
Ensures proper establishment and management of cryptographic keys required for secure TLS channels to protect credential transmissions.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability causes cleartext transmission of sensitive credentials between cluster nodes, directly enabling network sniffing (T1040) to capture them and adversary-in-the-middle (T1557) positioning to intercept them without privileges.
NVD Description
Nagios Log Server versions prior to 2024R2.0.2 contain a vulnerability in the cluster manager component when requesting sensitive credentials from peer nodes over an unencrypted channel even when SSL/TLS is enabled in the product configuration. As a result, an attacker positioned on the network path can intercept credentials in transit. Captured credentials could allow the attacker to authenticate as a cluster node or service account, enabling further unauthorized access, lateral movement, or system compromise.
Deeper analysis
CVE-2025-34271 is a critical vulnerability in Nagios Log Server versions prior to 2024R2.0.2, specifically within the cluster manager component. The issue arises when the component requests sensitive credentials from peer nodes over an unencrypted channel, even if SSL/TLS is enabled in the product configuration. This leads to cleartext transmission of sensitive information, mapped to CWE-319, with a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
An attacker positioned on the network path between cluster nodes, such as in a man-in-the-middle scenario, can intercept these credentials in transit without requiring any privileges or user interaction. Captured credentials allow the attacker to authenticate as a cluster node or service account, facilitating unauthorized access, lateral movement across the network, or complete system compromise.
Nagios advisories recommend upgrading to version 2024R2.0.2 or later to address the vulnerability, as detailed in the product changelog and security page. Further technical analysis is provided in the VulnCheck advisory on the cluster manager's plaintext credential requests.
Details
- CWE(s)