Cyber Resilience

CVE-2025-34271

High · Public PoC

Published: 30 October 2025
Modified: 06 November 2025
KEV Added
Patch
CVSS Score v4: 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score: 0.0134 (80.4th percentile)
Risk Priority: 18 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-34271 is a high-severity Cleartext Transmission of Sensitive Information (CWE-319) vulnerability in Nagios Log Server. Its CVSS base score is 8.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Network Sniffing (T1040). The CVE ranks in the top 19.6% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 SC-13 (Cryptographic Protection) and SC-8 (Transmission Confidentiality and Integrity).

Deeper analysis

CVE-2025-34271 is a critical vulnerability in Nagios Log Server versions prior to 2024R2.0.2, specifically within the cluster manager component. The issue arises when the component requests sensitive credentials from peer nodes over an unencrypted channel, even if SSL/TLS is enabled in the product configuration. This leads to cleartext transmission of sensitive information, mapped to CWE-319, with a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

An attacker positioned on the network path between cluster nodes, such as in a man-in-the-middle scenario, can intercept these credentials in transit without requiring any privileges or user interaction. Captured credentials allow the attacker to authenticate as a cluster node or service account, facilitating unauthorized access, lateral movement across the network, or complete system compromise.

Nagios advisories recommend upgrading to version 2024R2.0.2 or later to address the vulnerability, as detailed in the product changelog and security page. Further technical analysis is provided in the VulnCheck advisory on the cluster manager's plaintext credential requests.

Vulnerability details

Nagios Log Server versions prior to 2024R2.0.2 contain a vulnerability in the cluster manager component when requesting sensitive credentials from peer nodes over an unencrypted channel even when SSL/TLS is enabled in the product configuration. As a result, an attacker positioned on the network path can intercept credentials in transit. Captured credentials could allow the attacker to authenticate as a cluster node or service account, enabling further unauthorized access, lateral movement, or system compromise.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1040 Network Sniffing (Credential Access)
Adversaries may passively sniff network traffic to capture information about an environment, including authentication material passed over the network.

T1557 Adversary-in-the-Middle (Credential Access)
Adversaries may attempt to position themselves between two or more networked devices using an adversary-in-the-middle (AiTM) technique to support follow-on behaviors such as Network Sniffing…

Why these techniques?

The vulnerability causes cleartext transmission of sensitive credentials between cluster nodes, directly enabling network sniffing (T1040) to capture them and adversary-in-the-middle (T1557) positioning to intercept them without privileges.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-34274 · Same product: Nagios Log Server
CVE-2025-44824 · Same product: Nagios Log Server
CVE-2025-44823 · Same product: Nagios Log Server
CVE-2025-34277 · Same product: Nagios Log Server
CVE-2023-7322 · Same product: Nagios Log Server
CVE-2026-2042 · Same product class: network monitoring / SIEM
CVE-2025-67255 · Same product class: network monitoring / SIEM
CVE-2025-34227 · Same product class: network monitoring / SIEM
CVE-2024-13995 · Same product class: network monitoring / SIEM
CVE-2025-60425 · Same product class: network monitoring / SIEM

Affected Assets

nagios
log server
2024 · ≤ 2024

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

prevent

Directly requires cryptographic protection for the confidentiality and integrity of sensitive credentials transmitted between cluster nodes over network paths.

prevent

Mandates implementation of cryptographic mechanisms to prevent unauthorized disclosure of sensitive information like credentials during transmission.

prevent

Ensures proper establishment and management of cryptographic keys required for secure TLS channels to protect credential transmissions.

References