CVE-2025-34277
Published: 30 October 2025
Summary
CVE-2025-34277 is a critical-severity Code Injection (CWE-94) vulnerability in Nagios Log Server. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 45.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly requires validation mechanisms for malformed dashboard ID inputs to prevent them from being forwarded unvalidated to the internal API, blocking code injection.
Mandates timely flaw remediation by patching Nagios Log Server to version 2024R1.3.1 or later, eliminating the code injection vulnerability.
Implements memory protections to prevent unauthorized code execution in the Log Server process even if attacker-controlled data is injected.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
CVE-2025-34277 enables unauthenticated remote code execution via malformed dashboard ID in the network-accessible Nagios Log Server, directly facilitating T1190: Exploit Public-Facing Application.
NVD Description
Nagios Log Server versions prior to 2024R1.3.1 contain a code injection vulnerability where malformed dashboard ID values are not properly validated before being forwarded to an internal API. An attacker able to supply crafted dashboard ID values can cause the…
more
system to execute attacker-controlled data, leading to arbitrary code execution in the context of the Log Server process.
Deeper analysisAI
CVE-2025-34277 is a code injection vulnerability (CWE-94) affecting Nagios Log Server versions prior to 2024R1.3.1. The issue arises when malformed dashboard ID values are not properly validated before being forwarded to an internal API, allowing attacker-controlled data to be executed. This leads to arbitrary code execution in the context of the Log Server process. The vulnerability has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its high impact on confidentiality, integrity, and availability.
An unauthenticated attacker with network access can exploit this vulnerability by supplying crafted dashboard ID values, requiring low complexity and no user interaction. Successful exploitation grants remote code execution on the affected system, potentially allowing full compromise of the Log Server instance.
Nagios advisories recommend updating to version 2024R1.3.1 or later to mitigate the vulnerability, as detailed in the Nagios Log Server changelog at https://www.nagios.com/changelog/#log-server-2024R1 and security page at https://www.nagios.com/products/security/#log-server. Additional analysis is available from VulnCheck at https://www.vulncheck.com/advisories/nagios-log-server-rce-via-malformed-dashboard-id.
Details
- CWE(s)