Cyber Resilience

CVE-2025-34284

CriticalPublic PoCRCE

Published: 30 October 2025

Published
30 October 2025
Modified
06 November 2025
KEV Added
Patch
CVSS Score v4 9.4 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0083 75.1th percentile
Risk Priority 19 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-34284 is a critical-severity OS Command Injection (CWE-78) vulnerability in Nagios Nagios Xi. Its CVSS base score is 9.4 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 24.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-34284 is a command injection vulnerability (CWE-78) in the WinRM plugin of Nagios XI versions prior to 2024R2. The issue stems from insufficient validation of user-supplied parameters, which allows injection of shell metacharacters into backend command invocations. Published on 2025-10-30, it carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

An authenticated administrator can exploit this vulnerability remotely with low complexity and no user interaction required. Successful exploitation grants arbitrary command execution under the privileges of the Nagios XI web application user, enabling attackers to modify configurations, exfiltrate data, disrupt monitoring operations, or execute commands on the underlying host operating system.

Nagios advisories point to upgrading to Nagios XI 2024R2 as the primary mitigation. Relevant resources include the Nagios XI changelog at https://www.nagios.com/changelog/nagios-xi/, the security products page at https://www.nagios.com/products/security/#nagios-xi, and the VulnCheck advisory at https://www.vulncheck.com/advisories/nagios-xi-authenticated-command-injection-via-winrm-plugin.

EU & UK References

Vulnerability details

Nagios XI versions prior to 2024R2 contain a command injection vulnerability in the WinRM plugin. Insufficient validation of user-supplied parameters allows an authenticated administrator to inject shell metacharacters that are incorporated into backend command invocations. Successful exploitation enables arbitrary command…

more

execution with the privileges of the Nagios XI web application user and can be leveraged to modify configuration, exfiltrate data, disrupt monitoring operations, or execute commands on the underlying host operating system.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059.004 Unix Shell Execution
Adversaries may abuse Unix shell commands and scripts for execution.
Why these techniques?

Command injection vulnerability in the web-based Nagios XI WinRM plugin enables exploitation of a public-facing application (T1190) and arbitrary execution via Unix Shell (T1059.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-2041Same product: Nagios Nagios Xi
CVE-2024-14005Same product: Nagios Nagios Xi
CVE-2024-14003Same product: Nagios Nagios Xi
CVE-2026-2043Same product: Nagios Nagios Xi
CVE-2026-2042Same product: Nagios Nagios Xi
CVE-2020-36867Same product: Nagios Nagios Xi
CVE-2025-34227Same product: Nagios Nagios Xi
CVE-2013-10073Same product: Nagios Nagios Xi
CVE-2018-25122Same product: Nagios Nagios Xi
CVE-2023-7317Same product: Nagios Nagios Xi

Affected Assets

nagios
nagios xi
2024 · ≤ 2024

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly addresses the insufficient validation of user-supplied parameters that enables shell metacharacter injection into backend command invocations.

prevent

Requires timely flaw remediation through patching or upgrading to Nagios XI 2024R2, eliminating the command injection vulnerability.

prevent

Enforces least privilege on the Nagios XI web application user, limiting the scope and impact of arbitrary command execution if exploited.

References