CVE-2025-34271

9.8 CRITICAL

📋 TL;DR

Nagios Log Server versions before 2024R2.0.2 transmit cluster credentials over unencrypted channels even when SSL/TLS is configured, allowing network-positioned attackers to intercept authentication credentials. This affects all Nagios Log Server deployments using cluster functionality. Captured credentials could enable attackers to authenticate as cluster nodes or service accounts.

💻 Affected Systems

Products:
  • Nagios Log Server
Versions: All versions prior to 2024R2.0.2
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all cluster configurations regardless of SSL/TLS settings in product configuration.


⚠️ Risk & Real-World Impact

🔴 Worst Case: Full cluster compromise leading to complete system takeover, data exfiltration, and lateral movement across the entire monitoring infrastructure.

🟠 Likely Case: Attacker gains authenticated access to cluster nodes, enabling privilege escalation, configuration manipulation, and further credential harvesting.

🟢 If Mitigated: Limited impact if network segmentation prevents attacker access to cluster communication channels.

🌐 Internet-Facing: HIGH if cluster traffic traverses untrusted networks or internet-facing interfaces.
🏢 Internal Only: HIGH due to potential for lateral movement within the network once credentials are captured.

🎯 Exploit Status

Public PoC: ❌ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ Yes (passive interception needs no credentials, only a position on the network path; consistent with the 9.8 score)
Complexity: LOW

Exploitation requires a position on the cluster communication path (for example a compromised host on the same segment, ARP spoofing on that segment, or a tap on an intermediate link). Once positioned, capturing the credentials is a passive sniff with no interaction with the target required.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2024R2.0.2

Vendor Advisory: https://www.nagios.com/changelog/#log-server

Restart Required: Yes

Instructions:

1. Back up the current configuration on every node.
2. Download Nagios Log Server 2024R2.0.2 from official sources.
3. Follow the Nagios upgrade documentation for your deployment type.
4. Restart all cluster nodes after the upgrade.

🔧 Temporary Workarounds

Network Segmentation (all platforms)

Isolate cluster communication to dedicated, trusted network segments inaccessible to untrusted users.

VPN Tunnel for Cluster Traffic (all platforms)

Encapsulate all cluster node communication within encrypted VPN tunnels.

🧯 If You Can't Patch

  • Implement strict network access controls so that only the cluster peers themselves can reach the cluster communication ports
  • Monitor cluster ports for connections from unexpected hosts and for cleartext credential exchanges, which indicate the traffic is still being intercepted or has not been moved onto an encrypted path

🔍 How to Verify

Check if Vulnerable:

Check Nagios Log Server version via web interface or command line. Versions below 2024R2.0.2 are vulnerable.

Check Version:

grep 'version' /usr/local/nagioslogserver/nagioslogserver/version.txt

Verify Fix Applied:

Confirm the running version is 2024R2.0.2 or later on every node (a mixed cluster is still exposed on the unpatched nodes), then capture traffic on the cluster ports between two nodes and confirm that the connection is encrypted and no credentials are readable in the clear.
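The wire-level check above is the one the product configuration cannot answer for you: a node can report SSL/TLS as enabled while its cluster credentials still leave in the clear. The script below is an added example and is not code from Nagios or from the original page. It takes the first bytes of a connection captured on a cluster port (for example the TCP payload of the first data segment from a tcpdump or tshark capture) and classifies it as a TLS record or cleartext; for cleartext it extracts credentials in two formats commonly seen on ports 5672/5671, HTTP Basic and AMQP 0-9-1 SASL PLAIN. Whether Nagios Log Server uses either format is an assumption, not something the page states, and all sample payloads, hostnames, paths and credentials are constructed.

```python
"""Classify captured cluster-port payloads as TLS or cleartext and flag readable credentials.

Added example for verifying a fix on the wire; not Nagios code. The credential
formats handled (HTTP Basic, AMQP SASL PLAIN) are assumptions about what may be
seen on ports 5672/5671, not facts about Nagios Log Server.
"""
import base64
import binascii
import re
import struct
from dataclasses import dataclass, field
from typing import Iterator, List, Tuple

# A TLS record starts with a content type byte (20..23) followed by the record-layer
# version 0x03 0x00..0x04 (SSLv3 through TLS 1.3; TLS 1.3 keeps 0x0303 on the wire).
TLS_CONTENT_TYPES = {0x14, 0x15, 0x16, 0x17}

Credential = Tuple[str, str, str]  # (scheme, username, password)


@dataclass
class Finding:
    encrypted: bool
    credentials: List[Credential] = field(default_factory=list)


def is_tls_record(payload: bytes) -> bool:
    """True if the payload begins with a plausible TLS record header."""
    return (
        len(payload) >= 5
        and payload[0] in TLS_CONTENT_TYPES
        and payload[1] == 0x03
        and payload[2] <= 0x04
    )


_BASIC_RE = re.compile(rb"Authorization:[ \t]*Basic[ \t]+([A-Za-z0-9+/=]+)", re.IGNORECASE)


def extract_http_basic(payload: bytes) -> Iterator[Credential]:
    """HTTP Basic carries base64('user:password') in the Authorization header."""
    for match in _BASIC_RE.finditer(payload):
        try:
            decoded = base64.b64decode(match.group(1), validate=True)
        except (binascii.Error, ValueError):
            continue
        user, sep, password = decoded.partition(b":")
        if sep:
            yield ("http-basic", user.decode("utf-8", "replace"), password.decode("utf-8", "replace"))


def extract_amqp_plain(payload: bytes) -> Iterator[Credential]:
    """AMQP 0-9-1 Connection.Start-Ok with SASL PLAIN: the mechanism is a shortstr
    (1-byte length + 'PLAIN'), followed by a longstr response (4-byte big-endian
    length) whose content is b'authzid\\0authcid\\0password'."""
    idx = payload.find(b"\x05PLAIN")
    if idx == -1:
        return
    start = idx + len(b"\x05PLAIN")
    if len(payload) < start + 4:
        return
    (length,) = struct.unpack(">I", payload[start:start + 4])
    response = payload[start + 4:start + 4 + length]
    parts = response.split(b"\x00")
    if len(parts) == 3:
        yield ("amqp-plain", parts[1].decode("utf-8", "replace"), parts[2].decode("utf-8", "replace"))


def inspect_payload(payload: bytes) -> Finding:
    """Encrypted connections yield no credentials; cleartext ones are scanned."""
    if is_tls_record(payload):
        return Finding(encrypted=True)
    creds = list(extract_http_basic(payload)) + list(extract_amqp_plain(payload))
    return Finding(encrypted=False, credentials=creds)


# Constructed samples (not real captures). Paths, hosts and secrets are hypothetical.
SAMPLE_TLS = bytes.fromhex("160301007a010000760303") + b"\x00" * 32  # ClientHello prefix
SAMPLE_HTTP = (
    b"GET /cluster/status HTTP/1.1\r\nHost: node2.example.internal\r\n"
    b"Authorization: Basic " + base64.b64encode(b"clusteruser:Tr0ub4dor") + b"\r\n\r\n"
)
_RESPONSE = b"\x00clusteruser\x00Tr0ub4dor"
SAMPLE_AMQP = (
    b"\x01\x00\x00\x00\x00\x00\x40\x00\x0a\x00\x0b"  # method frame, class 10 / method 11 (Start-Ok); size illustrative
    + b"\x00\x00\x00\x00"                           # empty client-properties table
    + b"\x05PLAIN" + struct.pack(">I", len(_RESPONSE)) + _RESPONSE
    + b"\x05en_US\xce"                               # locale shortstr, frame end
)

if __name__ == "__main__":
    for name, sample in (("tls", SAMPLE_TLS), ("http", SAMPLE_HTTP), ("amqp", SAMPLE_AMQP)):
        finding = inspect_payload(sample)
        status = "encrypted" if finding.encrypted else "CLEARTEXT"
        print(f"{name}: {status}", *(f"{s} {u}:{p}" for s, u, p in finding.credentials))
```

Run it against the first data segment of every connection seen on the cluster ports after patching; any `CLEARTEXT` result with a credential attached means the fix has not taken effect on that node pair. A `CLEARTEXT` result without credentials still deserves a look, since it may be a format the two extractors do not understand.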

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized authentication attempts using cluster credentials
  • Unexpected cluster node join/leave events
  • Failed cluster communication attempts

Network Indicators:

  • Unencrypted credential transmission on cluster ports (default 5672, 5671)
  • Network sniffing tools targeting cluster communication

SIEM Query:

source="nagios_log_server" AND (event_type="cluster_auth" OR event_type="node_join") AND result="failure"

The source and field names in this query are illustrative; map them to the field names your SIEM assigns to the Nagios Log Server events it ingests.
