Cyber Resilience

CVE-2025-34277

CriticalPublic PoCRCE

Published: 30 October 2025

Published
30 October 2025
Modified
06 November 2025
KEV Added
Patch
CVSS Score v4 9.4 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0042 62.5th percentile
Risk Priority 19 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-34277 is a critical-severity Code Injection (CWE-94) vulnerability in Nagios Log Server. Its CVSS base score is 9.4 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 37.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-34277 is a code injection vulnerability (CWE-94) affecting Nagios Log Server versions prior to 2024R1.3.1. The issue arises when malformed dashboard ID values are not properly validated before being forwarded to an internal API, allowing attacker-controlled data to be executed. This leads to arbitrary code execution in the context of the Log Server process. The vulnerability has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its high impact on confidentiality, integrity, and availability.

An unauthenticated attacker with network access can exploit this vulnerability by supplying crafted dashboard ID values, requiring low complexity and no user interaction. Successful exploitation grants remote code execution on the affected system, potentially allowing full compromise of the Log Server instance.

Nagios advisories recommend updating to version 2024R1.3.1 or later to mitigate the vulnerability, as detailed in the Nagios Log Server changelog at https://www.nagios.com/changelog/#log-server-2024R1 and security page at https://www.nagios.com/products/security/#log-server. Additional analysis is available from VulnCheck at https://www.vulncheck.com/advisories/nagios-log-server-rce-via-malformed-dashboard-id.

EU & UK References

Vulnerability details

Nagios Log Server versions prior to 2024R1.3.1 contain a code injection vulnerability where malformed dashboard ID values are not properly validated before being forwarded to an internal API. An attacker able to supply crafted dashboard ID values can cause the…

more

system to execute attacker-controlled data, leading to arbitrary code execution in the context of the Log Server process.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

CVE-2025-34277 enables unauthenticated remote code execution via malformed dashboard ID in the network-accessible Nagios Log Server, directly facilitating T1190: Exploit Public-Facing Application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-34274Same product: Nagios Log Server
CVE-2025-34271Same product: Nagios Log Server
CVE-2025-44823Same product: Nagios Log Server
CVE-2025-44824Same product: Nagios Log Server
CVE-2023-7322Same product: Nagios Log Server
CVE-2024-13999Same product class: network monitoring / SIEM
CVE-2026-2041Same product class: network monitoring / SIEM
CVE-2024-14005Same product class: network monitoring / SIEM
CVE-2023-7317Same product class: network monitoring / SIEM
CVE-2025-34284Same product class: network monitoring / SIEM

Affected Assets

nagios
log server
2024 · ≤ 2024

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires validation mechanisms for malformed dashboard ID inputs to prevent them from being forwarded unvalidated to the internal API, blocking code injection.

prevent

Mandates timely flaw remediation by patching Nagios Log Server to version 2024R1.3.1 or later, eliminating the code injection vulnerability.

prevent

Implements memory protections to prevent unauthorized code execution in the Log Server process even if attacker-controlled data is injected.

References