VDB

GCVE-110-NCSC-2025-349

GCVE-110-NCSC-2025-349
Advisory Published
Vulnetix · Advisory published November 3, 2025
Nagios XI versions prior to 2024R1.4.2 are vulnerable to remote code execution in the Business Process Intelligence component due to inadequate validation of configuration parameters, allowing authenticated users to execute arbitrary code.

Weaknesses (CWE)

CWE-732Incorrect Permission Assignment for Critical ResourceCWE-78Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')CWE-497Exposure of Sensitive System Information to an Unauthorized Control Sphere

Affected Products

VendorProductVersionsPlatforms
Nagios Enterprisesvers:unknown/*

References

advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory

Browse GCVE Records

72,921 records in the GCVE database · Updated July 15, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›