CVE-2025-34270

4.9 MEDIUM

📋 TL;DR

Nagios Log Server versions before 2024R2.0.2 expose plaintext AD/LDAP passwords during user import operations. This allows administrators or users with access to import results to view sensitive credentials. Organizations using AD/LDAP authentication with vulnerable Nagios Log Server versions are affected.

💻 Affected Systems

Products:
  • Nagios Log Server
Versions: All versions prior to 2024R2.0.2
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems using AD/LDAP user import functionality. Systems using local authentication only are not vulnerable.


⚠️ Risk & Real-World Impact

🔴 Worst Case

Administrators or malicious insiders capture AD/LDAP credentials, leading to domain compromise, lateral movement, and data exfiltration.

🟠 Likely Case

Authorized administrators accidentally view passwords in logs or the UI, potentially exposing credentials through screenshots or log sharing.

🟢 If Mitigated

With proper access controls and monitoring, exposure is limited to trusted administrators who follow credential handling policies.

🌐 Internet-Facing: LOW - The vulnerability requires authenticated access to the Nagios Log Server interface.
🏢 Internal Only: MEDIUM - Internal administrators or users with import access can view credentials, but exploitation requires specific privileges.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires administrative or import privileges; an attacker needs access to the Nagios Log Server interface or to its logs.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2024R2.0.2

Vendor Advisory: https://www.nagios.com/changelog/#log-server

Restart Required: No

Instructions:

1. Back up the current configuration.
2. Download Nagios Log Server 2024R2.0.2 from the Nagios website.
3. Follow the upgrade instructions in the documentation.
4. Verify that AD/LDAP import functionality works correctly.

🔧 Temporary Workarounds

Disable AD/LDAP Import

Platforms: all

Temporarily disable AD/LDAP user import functionality until patching is complete.

# Edit Nagios Log Server configuration to remove AD/LDAP import settings
# Consult Nagios documentation for specific configuration file locations

Use Local Authentication

Platforms: all

Switch to local user accounts instead of AD/LDAP import until the patch is applied.

# Create local users via Nagios Log Server interface
# Disable AD/LDAP authentication in settings

🧯 If You Can't Patch

  • Restrict access to Nagios Log Server interface to essential administrators only
  • Implement strict logging and monitoring for AD/LDAP import activities

🔍 How to Verify

Check if Vulnerable:

Check the Nagios Log Server version via the web interface or the command line. If the version is below 2024R2.0.2 and AD/LDAP import is configured, the system is vulnerable.

Check Version:

grep 'version' /usr/local/nagioslogserver/nagioslogserver/version.txt || cat /usr/local/nagioslogserver/version.txt
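The version check above is a one-liner; the script below is an added example (not Nagios code) that reads the same version.txt locations, parses the year-based version scheme (e.g. 2024R2.0.2), and compares it against the fixed release. It assumes that version.txt contains the version string somewhere in its text and, as a labelled assumption, that legacy "major.minor.patch" release numbers predate every year-based release. Whether AD/LDAP import is configured must be confirmed in the product's settings; the script takes it as a command-line flag rather than detecting it.

```python
import re
import sys
from pathlib import Path
from typing import Optional, Sequence, Tuple

# First release that no longer exposes AD/LDAP passwords (from the advisory).
FIXED_VERSION = "2024R2.0.2"

# Candidate locations of version.txt, taken from the advisory's check command.
VERSION_FILES = (
    "/usr/local/nagioslogserver/nagioslogserver/version.txt",
    "/usr/local/nagioslogserver/version.txt",
)

# Year-based scheme used by current releases, e.g. 2024R2.0.2.
_YEAR_SCHEME = re.compile(r"(\d{4})R(\d+)\.(\d+)\.(\d+)")
# Older numeric scheme, e.g. 2.1.9 (assumption: these predate every YYYYRx release).
_LEGACY_SCHEME = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\b")

Version = Tuple[int, int, int, int]


def parse_version(text: str) -> Optional[Version]:
    """Extract a comparable version tuple from a version string or file contents.

    The year-based scheme maps to (year, release, minor, patch); the legacy
    scheme maps to (0, major, minor, patch) so that it sorts below any
    year-based release. Returns None when no version is recognised.
    """
    m = _YEAR_SCHEME.search(text)
    if m:
        year, release, minor, patch = (int(g) for g in m.groups())
        return (year, release, minor, patch)
    m = _LEGACY_SCHEME.search(text)
    if m:
        major, minor, patch = (int(g) for g in m.groups())
        return (0, major, minor, patch)
    return None


def is_vulnerable(version_text: str, ldap_import_configured: bool) -> bool:
    """True when the version predates the fix AND AD/LDAP import is in use."""
    installed = parse_version(version_text)
    if installed is None:
        raise ValueError(f"unrecognised Nagios Log Server version: {version_text!r}")
    fixed = parse_version(FIXED_VERSION)
    assert fixed is not None
    return ldap_import_configured and installed < fixed


def read_installed_version(paths: Sequence[str] = VERSION_FILES) -> Optional[str]:
    """Return the raw contents of the first version.txt that exists, else None."""
    for candidate in paths:
        path = Path(candidate)
        if path.is_file():
            return path.read_text(errors="replace")
    return None


def main() -> int:
    # AD/LDAP import usage is passed in as a flag; confirm it in the product settings.
    ldap_in_use = "--ldap-import-configured" in sys.argv
    raw = read_installed_version()
    if raw is None:
        print("version.txt not found; is Nagios Log Server installed here?")
        return 2
    installed = parse_version(raw)
    if installed is None:
        print(f"could not recognise a version in version.txt: {raw.strip()!r}")
        return 2
    print(f"installed: {installed}  fixed: {parse_version(FIXED_VERSION)}")
    if is_vulnerable(raw, ldap_in_use):
        print("VULNERABLE: upgrade to 2024R2.0.2 or disable AD/LDAP import")
        return 1
    print("not vulnerable (patched, or AD/LDAP import not in use)")
    return 0


if __name__ == "__main__":
    raise SystemExit(main())
```

Run it on the Nagios Log Server host with `--ldap-import-configured` when AD/LDAP import is in use; the exit code (1 = vulnerable, 0 = not, 2 = undetermined) makes it easy to drop into a fleet-wide check.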

Verify Fix Applied:

After upgrading to 2024R2.0.2, perform a test AD/LDAP import and verify that passwords are not displayed in plaintext in the UI or logs.

📡 Detection & Monitoring

Log Indicators:

  • Plaintext password strings in Nagios Log Server application logs
  • AD/LDAP import operations with password field visible

Network Indicators:

  • HTTP requests to user import endpoints with password parameters

SIEM Query:

source="nagios_log_server" AND ("password" OR "import" OR "AD" OR "LDAP")
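The SIEM query above is deliberately broad; the script below is an added example (not part of the advisory or of Nagios) that applies the two log indicators listed above to exported log lines: it flags every unredacted password value, notes whether it appears in an AD/LDAP import event, and produces a redacted copy that is safe to attach to a ticket. The sample lines are constructed in a generic key=value style and are not real Nagios Log Server output; the key names it looks for (anything ending in pass, password or passwd) are an assumption about how such fields tend to be logged.

```python
import re
from typing import Dict, List

# Constructed sample lines in a generic "key=value" application-log style;
# they are NOT real Nagios Log Server output and only illustrate the checks.
SAMPLE_LOG_LINES = [
    '2025-01-15 10:02:11 INFO  auth: local login succeeded user=admin',
    '2025-01-15 10:03:45 INFO  ldap_import: server=ldap.corp.example '
    'bind_user="CN=svc-nls,OU=Service,DC=corp,DC=example" '
    'bind_password="Sup3rSecret!" users_imported=12',
    '2025-01-15 10:04:02 INFO  ldap_import: server=ldap.corp.example '
    'bind_password="********" users_imported=3',
    '2025-01-15 10:06:30 DEBUG ad_import: params domain=CORP username=jdoe '
    'password=Winter2025! action=import',
    '2025-01-15 10:08:12 WARN  smtp: relay=mail.corp.example password=changeme',
]

# key=value or key: value, with the key ending in pass/password/passwd and the
# value either quoted or a bare token (assumed field naming, see lead-in).
_PASSWORD_RE = re.compile(
    r'\b([a-z_]*pass(?:word|wd)?)\s*[=:]\s*(?:"([^"]*)"|\'([^\']*)\'|([^\s,;]+))',
    re.IGNORECASE,
)
_IMPORT_RE = re.compile(r"import", re.IGNORECASE)
# "ldap" anywhere, or "ad" as a standalone token (underscore counts as a separator).
_DIRECTORY_RE = re.compile(r"ldap|(?<![a-z])ad(?![a-z])|active.?directory", re.IGNORECASE)
_REDACTED_WORDS = {"redacted", "hidden", "masked", "filtered"}


def _value_of(m: "re.Match[str]") -> str:
    # Groups 2-4 hold the double-quoted, single-quoted or bare value; one is set.
    return next(v for v in m.groups()[1:] if v is not None)


def looks_redacted(value: str) -> bool:
    """True for empty values, mask characters only, or a [REDACTED]-style marker."""
    if value == "" or set(value) <= set("*xX#"):
        return True
    return value.strip("[]<>").lower() in _REDACTED_WORDS


def is_import_event(line: str) -> bool:
    """Does the line describe an AD/LDAP user import operation?"""
    return bool(_IMPORT_RE.search(line) and _DIRECTORY_RE.search(line))


def find_exposures(lines: List[str]) -> List[Dict[str, object]]:
    """Report every unredacted password value, noting whether it sits in an
    AD/LDAP import event (the indicator from the advisory) or elsewhere."""
    findings: List[Dict[str, object]] = []
    for number, line in enumerate(lines, start=1):
        for m in _PASSWORD_RE.finditer(line):
            if looks_redacted(_value_of(m)):
                continue
            findings.append(
                {"line": number, "key": m.group(1), "import_event": is_import_event(line)}
            )
    return findings


def redact(line: str) -> str:
    """Return a copy of the line safe to share: unredacted password values are
    replaced with [REDACTED]; already-masked values are left untouched."""
    def _sub(m: "re.Match[str]") -> str:
        if looks_redacted(_value_of(m)):
            return m.group(0)
        return f'{m.group(1)}="[REDACTED]"'
    return _PASSWORD_RE.sub(_sub, line)


if __name__ == "__main__":
    for f in find_exposures(SAMPLE_LOG_LINES):
        tag = "AD/LDAP import" if f["import_event"] else "other"
        print(f'line {f["line"]}: plaintext value for {f["key"]} ({tag})')
        print("  redacted:", redact(SAMPLE_LOG_LINES[f["line"] - 1]))
```

Feed it real exported lines instead of the constructed sample to triage an affected host: findings marked as import events are the ones that match this CVE, while the rest point at other logging hygiene problems. Any line that is flagged should be treated as a credential exposure, and the affected AD/LDAP bind account rotated.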
