CVE-2025-34135
📋 TL;DR
Nagios XI versions before 2024R1.4.2 have overly permissive systemd unit file permissions, specifically on nagios.service. This allows local attackers with existing access to potentially manipulate service execution or combine with other vulnerabilities. Only Nagios XI installations on Linux systems using systemd are affected.
💻 Affected Systems
- Nagios XI
📦 What is this software?
Nagios Xi by Nagios
⚠️ Risk & Real-World Impact
Worst Case
Local privilege escalation leading to full system compromise if combined with other vulnerabilities or misconfigurations
Likely Case
Local users could manipulate Nagios service behavior, potentially disrupting monitoring or enabling persistence
If Mitigated
Limited impact with proper access controls and minimal local user accounts
🎯 Exploit Status
Requires local access and knowledge of systemd unit file manipulation
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2024R1.4.2 or later
Vendor Advisory: https://www.nagios.com/changelog/nagios-xi/
Restart Required: No
Instructions:
1. Back up the current configuration.
2. Upgrade to Nagios XI 2024R1.4.2 or later via the web interface or command line.
3. Verify permissions on /usr/lib/systemd/system/nagios.service are correct.
🔧 Temporary Workarounds
Manual permission correction
Linux: Manually set correct permissions on the vulnerable systemd unit file
sudo chmod 644 /usr/lib/systemd/system/nagios.service
sudo systemctl daemon-reload
🧯 If You Can't Patch
- Restrict local user access to Nagios XI servers
- Implement strict file integrity monitoring on systemd unit files
🔍 How to Verify
Check if Vulnerable:
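Check the Nagios XI version in the web interface, or inspect the unit file's mode: ls -la /usr/lib/systemd/system/nagios.service (a mode string more permissive than -rw-r--r--, i.e. 644, indicates the overly permissive configuration)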
Check Version:
grep 'nagiosxi_version' /usr/local/nagiosxi/var/xiversion
Verify Fix Applied:
Verify the version is 2024R1.4.2+ and check permissions: ls -la /usr/lib/systemd/system/nagios.service should show -rw-r--r-- (mode 644)
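The 644 check above, generalized to every regular file under the systemd unit directories, as an added example (not from the Nagios advisory or this page's source). The function names are assumptions; a finding is any file with a mode bit set outside 644 or with an owner other than the expected one.

```shell
#!/bin/sh
# Added example, not vendor code.
# Usage on a real host (run as a user that can read the unit directories):
#   audit_units root /usr/lib/systemd/system /etc/systemd/system

# list_loose_units OWNER DIR...
# OWNER: expected owner name or numeric uid (root on a real system).
# Prints the path of every regular file that has owner-execute, group
# write/execute or other write/execute set, or that is not owned by OWNER.
# Symlinks (e.g. in *.wants directories) are skipped by -type f.
list_loose_units() {
    owner=$1
    shift
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        find "$dir" -type f \
            \( -perm -100 -o -perm -020 -o -perm -010 \
               -o -perm -002 -o -perm -001 \
               -o ! -user "$owner" \) -print
    done
}

# audit_units OWNER DIR...
# Prints an ls -ld line per finding and returns 1 if there is at least one,
# so it can gate a cron job or a post-upgrade verification step.
audit_units() {
    loose=$(list_loose_units "$@")
    [ -z "$loose" ] && return 0
    printf '%s\n' "$loose" | while IFS= read -r f; do
        ls -ld "$f"
    done
    return 1
}
```

A non-zero return from audit_units after upgrading or applying the chmod workaround means at least one unit file still deviates from 644 or from the expected owner.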
📡 Detection & Monitoring
Log Indicators:
- Unexpected modifications to systemd unit files in audit logs
- Unauthorized service restarts or configuration changes
Network Indicators:
- None - local-only vulnerability
SIEM Query:
source="audit.log" AND (filepath="/usr/lib/systemd/system/nagios.service" OR (process="chmod" AND filepath LIKE "%/nagios.service"))