VDB
GCVE-110-NCSC-2025-349
GCVE-110-NCSC-2025-349
Advisory Published
Nagios XI versions prior to 2024R1.4.2 are vulnerable to remote code execution in the Business Process Intelligence component due to inadequate validation of configuration parameters, allowing authenticated users to execute arbitrary code.
Weaknesses (CWE)
CWE-732Incorrect Permission Assignment for Critical ResourceCWE-78Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')CWE-497Exposure of Sensitive System Information to an Unauthorized Control Sphere
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Nagios Enterprises | vers:unknown/* | — | — |
Browse GCVE Records
72,921 records in the GCVE database · Updated July 15, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.