Cyber Posture

CVE-2025-67255

Severity: High
Published: 29 December 2025
Modified: 15 January 2026
KEV Added: not listed
Patch: not recorded
CVSS Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0110 (78.3rd percentile)
Risk Priority: 18 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-67255 is a high-severity SQL Injection (CWE-89) vulnerability in Nagios XI. Its CVSS v3.1 base score is 8.8 (High): reachable over the network, low attack complexity, no user interaction, and only low privileges (any authenticated account) required.

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation of Remote Services (T1210). The CVE ranks in the top 21.7% of CVEs by EPSS exploit likelihood, and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation), which addresses the root cause, and SI-2 (Flaw Remediation), which covers applying the vendor fix.

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation of Remote Services (T1210) and Databases (T1213.006). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

SI-10 Information Input Validation (prevent)
Directly mandates validation of untrusted inputs such as Dashboard parameters, preventing SQL injection exploitation.

SI-2 Flaw Remediation (prevent)
Requires identification, reporting, and correction of flaws such as the unfiltered Dashboard parameters enabling SQL injection.

Vulnerability scanning (prevent, detect)
Enables vulnerability scanning to identify SQL injection issues in Nagios XI Dashboard parameters and to drive subsequent remediation.

MITRE ATT&CK Enterprise Techniques

T1210 Exploitation of Remote Services (Lateral Movement)
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.

T1213.006 Databases (Collection)
Adversaries may leverage databases to mine valuable information.

Why these techniques?

SQL injection through the Dashboard parameters lets a low-privileged authenticated user run arbitrary SQL against the Nagios XI database. Because Nagios XI is a network-reachable service, that maps to exploitation of a remote service (T1210); because the injected queries return or alter database contents, it also maps to collection from databases (T1213.006).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

In NagiosXI 2026R1.0.1 build 1762361101, Dashboard parameters lack proper filtering, allowing any authenticated user to exploit a SQL Injection vulnerability.

Deeper analysis

CVE-2025-67255 is a SQL injection vulnerability (CWE-89) affecting Nagios XI version 2026R1.0.1 build 1762361101. The issue stems from Dashboard parameters that lack proper filtering, enabling exploitation by any authenticated user. Published on 29 December 2025, it carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), reflecting network accessibility, low attack complexity, and high impact on confidentiality, integrity, and availability.

Any low-privileged authenticated user can exploit this vulnerability remotely without user interaction; the PR:L rating means a compromised or self-registered viewer account is sufficient, so the practical precondition is valid Nagios XI credentials, not administrative access. Attackers can inject SQL through the unfiltered Dashboard parameters, potentially leading to unauthorized reading, modification, or deletion of database contents, and, given the high impact ratings across the CIA triad, to broader compromise of the monitoring server.

Resources for further details include a GitHub repository at https://github.com/YongYe-Security/NagiosXI/tree/main and the official Nagios site at https://www.nagios.org/, which security practitioners should review for any advisories, patches, or mitigation guidance.
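The following is an added illustration, not Nagios XI code and not from the repository linked above: it shows the CWE-89 pattern described in the NVD text (a request parameter concatenated into SQL) beside the SI-10 style fix named in the Mitigating Controls section (validate the parameter, then bind it with a parameterized query). It runs against an in-memory SQLite database. The table names, column names, sample rows, the "dashboard_id" parameter and the UNION payload are all constructed here for the demonstration and are not taken from the advisory.

```python
"""Added example (not Nagios XI code): the CWE-89 pattern behind CVE-2025-67255
and the SI-10 style fix, demonstrated on an in-memory SQLite database.

Assumptions (not from the advisory): table and column names, the shape of the
"dashboard_id" request parameter, and the sample rows are all constructed here.
"""
import re
import sqlite3


def make_db():
    """Constructed stand-in for a monitoring app's database (not XI's schema)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE dashboards (id INTEGER PRIMARY KEY, owner TEXT, title TEXT);
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, api_key TEXT);
        INSERT INTO dashboards VALUES (1, 'alice', 'Alice Overview');
        INSERT INTO dashboards VALUES (2, 'bob', 'Bob Overview');
        INSERT INTO users VALUES (1, 'nagiosadmin', 'ADMIN-KEY-example');
        INSERT INTO users VALUES (2, 'bob', 'BOB-KEY-example');
        """
    )
    return conn


def fetch_dashboard_vulnerable(conn, owner, dashboard_id):
    """Vulnerable pattern: the request parameter is pasted into the SQL text.

    `owner` comes from the caller's session; `dashboard_id` comes straight from
    the request, the way an unfiltered Dashboard parameter would.
    """
    sql = (
        "SELECT title FROM dashboards "
        f"WHERE owner = '{owner}' AND id = {dashboard_id}"
    )
    return [row[0] for row in conn.execute(sql)]


def fetch_dashboard_bound_only(conn, owner, dashboard_id):
    """Parameterized query with no validation: `?` placeholders make the driver
    bind the raw value as data, so it cannot change the statement's structure.
    A UNION payload is simply a non-numeric string that matches no row.
    """
    sql = "SELECT title FROM dashboards WHERE owner = ? AND id = ?"
    return [row[0] for row in conn.execute(sql, (owner, dashboard_id))]


_ID_RE = re.compile(r"[0-9]{1,9}")


def validate_dashboard_id(raw):
    """SI-10 style input validation: accept only a small positive integer.

    Anything else (UNION, quotes, comments, whitespace) is rejected before it
    reaches the database layer.
    """
    if not isinstance(raw, str) or not _ID_RE.fullmatch(raw):
        raise ValueError("dashboard_id must be a 1-9 digit integer")
    return int(raw)


def fetch_dashboard_safe(conn, owner, raw_dashboard_id):
    """Hardened form: validated input, then a parameterized query (defense in depth)."""
    dashboard_id = validate_dashboard_id(raw_dashboard_id)
    return fetch_dashboard_bound_only(conn, owner, dashboard_id)


# Constructed payload a low-privileged user ("bob") could send as the dashboard
# id: a UNION that appends every user's API key to the result set.
LEAK_PAYLOAD = "2 UNION SELECT username || ':' || api_key FROM users"


def demo():
    """Run the three variants against the same payload and report the outcomes."""
    conn = make_db()
    leaked = fetch_dashboard_vulnerable(conn, "bob", LEAK_PAYLOAD)
    bound = fetch_dashboard_bound_only(conn, "bob", LEAK_PAYLOAD)
    try:
        fetch_dashboard_safe(conn, "bob", LEAK_PAYLOAD)
        rejected = False
    except ValueError:
        rejected = True
    return {
        "leaked": leaked,          # vulnerable: Bob's title plus every API key
        "bound": bound,            # parameterized only: no rows, no leak
        "rejected": rejected,      # validated: payload never reaches SQL
        "normal": fetch_dashboard_safe(conn, "bob", "2"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The vulnerable variant returns the admin's API key to an ordinary user with a single request, which is the confidentiality impact the CVSS vector records; the bound-only variant shows that parameterization alone defeats the payload, and the validated variant rejects it before any query is built, which is the SI-10 control in practice.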

Details

CWE(s)

CWE-89 SQL Injection

Affected Products

Nagios XI 2026 (2026R1.0.1 build 1762361101, per the NVD description)

CVEs Like This One

CVE-2012-10063 (same product: Nagios XI)
CVE-2020-36859 (same product: Nagios XI)
CVE-2016-15050 (same product: Nagios XI)
CVE-2021-47693 (same product: Nagios XI)
CVE-2026-2042 (same product: Nagios XI)
CVE-2025-34284 (same product: Nagios XI)
CVE-2024-14005 (same product: Nagios XI)
CVE-2024-13999 (same product: Nagios XI)
CVE-2026-2041 (same product: Nagios XI)
CVE-2024-13996 (same product: Nagios XI)

References

https://github.com/YongYe-Security/NagiosXI/tree/main
https://www.nagios.org/