CVE-2025-34284
Published: 30 October 2025
Summary
CVE-2025-34284 is a high-severity OS Command Injection (CWE-78) vulnerability in Nagios Nagios Xi. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 35.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly addresses the insufficient validation of user-supplied parameters that enables shell metacharacter injection into backend command invocations.
Requires timely flaw remediation through patching or upgrading to Nagios XI 2024R2, eliminating the command injection vulnerability.
Enforces least privilege on the Nagios XI web application user, limiting the scope and impact of arbitrary command execution if exploited.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Command injection vulnerability in the web-based Nagios XI WinRM plugin enables exploitation of a public-facing application (T1190) and arbitrary execution via Unix Shell (T1059.004).
NVD Description
Nagios XI versions prior to 2024R2 contain a command injection vulnerability in the WinRM plugin. Insufficient validation of user-supplied parameters allows an authenticated administrator to inject shell metacharacters that are incorporated into backend command invocations. Successful exploitation enables arbitrary command…
more
execution with the privileges of the Nagios XI web application user and can be leveraged to modify configuration, exfiltrate data, disrupt monitoring operations, or execute commands on the underlying host operating system.
Deeper analysisAI
CVE-2025-34284 is a command injection vulnerability (CWE-78) in the WinRM plugin of Nagios XI versions prior to 2024R2. The issue stems from insufficient validation of user-supplied parameters, which allows injection of shell metacharacters into backend command invocations. Published on 2025-10-30, it carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
An authenticated administrator can exploit this vulnerability remotely with low complexity and no user interaction required. Successful exploitation grants arbitrary command execution under the privileges of the Nagios XI web application user, enabling attackers to modify configurations, exfiltrate data, disrupt monitoring operations, or execute commands on the underlying host operating system.
Nagios advisories point to upgrading to Nagios XI 2024R2 as the primary mitigation. Relevant resources include the Nagios XI changelog at https://www.nagios.com/changelog/nagios-xi/, the security products page at https://www.nagios.com/products/security/#nagios-xi, and the VulnCheck advisory at https://www.vulncheck.com/advisories/nagios-xi-authenticated-command-injection-via-winrm-plugin.
Details
- CWE(s)