CVE-2018-25119

6.1 MEDIUM

📋 TL;DR

This cross-site scripting vulnerability in Nagios Fusion allows attackers to inject malicious scripts via the 'fusionwindow' parameter. When exploited, these scripts execute in victims' browsers, potentially stealing session cookies or performing unauthorized actions. Organizations running Nagios Fusion versions before 4.1.5 are affected.

💻 Affected Systems

Products:
  • Nagios Fusion
Versions: All versions prior to 4.1.5
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: All Nagios Fusion installations with default configurations are vulnerable if running affected versions.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attacker steals administrator session cookies, gains full administrative access to Nagios Fusion, and potentially compromises the entire monitoring infrastructure.

🟠

Likely Case

Attacker steals user session cookies, performs unauthorized actions within Nagios Fusion, or redirects users to malicious sites.

🟢

If Mitigated

Script execution is blocked by browser security features or web application firewalls, limiting impact to minor UI disruption.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction (victim must click malicious link) and knowledge of the vulnerable parameter.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.1.5

Vendor Advisory: https://www.nagios.com/changelog/nagios-fusion/

Restart Required: No

Instructions:

1. Back up the current Nagios Fusion configuration.
2. Download Nagios Fusion 4.1.5 from the official Nagios website.
3. Follow the upgrade instructions in the Nagios Fusion documentation.
4. Verify the upgrade completed successfully.

🔧 Temporary Workarounds

Web Application Firewall Rules

Platforms: all

Implement WAF rules to block malicious script patterns in the fusionwindow parameter.

Content Security Policy

Platforms: all

Implement strict CSP headers to prevent script execution from untrusted sources.

🧯 If You Can't Patch

  • Implement network segmentation to restrict access to Nagios Fusion only to authorized users
  • Enable browser security features like XSS filters and disable JavaScript execution for untrusted sources

🔍 How to Verify

Check if Vulnerable:

Check Nagios Fusion version via web interface or configuration files. If version is below 4.1.5, system is vulnerable.

Check Version:

grep 'version' /usr/local/nagiosfusion/etc/version.txt

Verify Fix Applied:

After patching, verify version shows 4.1.5 or higher and test that script injection in fusionwindow parameter is properly sanitized.

📡 Detection & Monitoring

Log Indicators:

  • Unusual length or special characters in fusionwindow parameter values
  • Multiple failed script injection attempts in web logs

Network Indicators:

  • HTTP requests containing script tags or JavaScript in fusionwindow parameter

SIEM Query:

source="nagios_fusion_logs" AND (fusionwindow CONTAINS "<script>" OR fusionwindow CONTAINS "javascript:")
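The SIEM query above matches the literal strings "<script>" and "javascript:", so a URL-encoded or double-encoded value in the fusionwindow parameter slips past it. The following added example (not from the page or from Nagios) scans combined-format access-log lines, decodes the parameter repeatedly, and flags the indicators the page lists; the /nagiosfusion/index.php path, the sample log lines and the 64-character length threshold are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Indicators from the page (script tags, javascript: URLs) plus inline
# event handlers, matched case-insensitively after decoding.
SUSPICIOUS = re.compile(r"<\s*script|javascript\s*:|on\w+\s*=", re.IGNORECASE)

# Request line of an Apache/nginx combined-format access log entry.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def decode_fully(value, rounds=3):
    """URL-decode repeatedly so double-encoded values are normalised."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def check_line(line):
    """Return (client IP, decoded fusionwindow value) if suspicious, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    params = parse_qs(urlsplit(m.group("target")).query, keep_blank_values=True)
    for raw in params.get("fusionwindow", []):   # parse_qs already decodes once
        value = decode_fully(raw)
        # Length threshold of 64 is an assumed tuning value for "unusual length".
        if SUSPICIOUS.search(value) or len(value) > 64:
            return line.split(" ", 1)[0], value
    return None

def scan(lines):
    """Run check_line over every log line and keep only the hits."""
    return [hit for hit in (check_line(l) for l in lines) if hit]

# Constructed sample access-log lines (hypothetical endpoint path).
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /nagiosfusion/index.php?fusionwindow=overview HTTP/1.1" 200 512',
    '203.0.113.7 - - [10/Oct/2023:13:56:01 +0000] "GET /nagiosfusion/index.php?fusionwindow=%3Cscript%3Etest%3C%2Fscript%3E HTTP/1.1" 200 512',
    '203.0.113.9 - - [10/Oct/2023:13:57:12 +0000] "GET /nagiosfusion/index.php?fusionwindow=%253Cscript%253E HTTP/1.1" 200 512',
    '203.0.113.4 - - [10/Oct/2023:13:58:40 +0000] "GET /nagiosfusion/index.php?fusionwindow=javascript%3Avoid(0) HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for client, value in scan(SAMPLE_LOG):
        print(f"suspicious fusionwindow value from {client}: {value!r}")
```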
