Login Sign Up

CVE-2025-34273

6.5 MEDIUM
Authentication Bypass

📋 TL;DR

Nagios Log Server versions before 2024R2.0.3 have an authorization flaw that lets non-admin users delete global dashboards. This affects all organizations using vulnerable Nagios Log Server instances where multiple users have dashboard access.

💻 Affected Systems

Products:
  • Nagios Log Server
Versions: All versions prior to 2024R2.0.3
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all deployments with multiple user accounts where non-admin users have dashboard access.

📦 What is this software?

Log Server by Nagios

View all CVEs affecting Log Server →

Log Server by Nagios

View all CVEs affecting Log Server →

Log Server by Nagios

View all CVEs affecting Log Server →

Log Server by Nagios

View all CVEs affecting Log Server →

Log Server by Nagios

View all CVEs affecting Log Server →

Log Server by Nagios

View all CVEs affecting Log Server →

Log Server by Nagios

View all CVEs affecting Log Server →

Log Server by Nagios

View all CVEs affecting Log Server →

Log Server by Nagios

View all CVEs affecting Log Server →

Log Server by Nagios

View all CVEs affecting Log Server →

Log Server by Nagios

View all CVEs affecting Log Server →

Log Server by Nagios

View all CVEs affecting Log Server →

Log Server by Nagios

View all CVEs affecting Log Server →

Log Server by Nagios

View all CVEs affecting Log Server →

Log Server by Nagios

View all CVEs affecting Log Server →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Malicious insider or compromised account deletes all global dashboards, disrupting monitoring visibility and potentially hiding security incidents from administrators.

🟠

Likely Case

Accidental or intentional deletion of important monitoring dashboards by authorized non-admin users, causing operational disruption and requiring dashboard restoration.

🟢

If Mitigated

Limited impact if dashboards are regularly backed up and can be quickly restored, though still causes temporary monitoring gaps.

🌐 Internet-Facing: MEDIUM - Requires authenticated access but could be exploited if credentials are compromised or through social engineering.
🏢 Internal Only: HIGH - Internal users with legitimate access can exploit this vulnerability intentionally or accidentally.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires authenticated access as any non-admin user. Exploitation involves accessing dashboard deletion functionality that should be restricted.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2024R2.0.3 or later

Vendor Advisory: https://www.nagios.com/changelog/#log-server

Restart Required: No

Instructions:

1. Backup current configuration and dashboards. 2. Download Nagios Log Server 2024R2.0.3 or later from Nagios website. 3. Follow Nagios upgrade documentation for your deployment type. 4. Verify authorization checks are working post-upgrade.

🔧 Temporary Workarounds

Restrict dashboard access

all

Limit non-admin user access to dashboard management functions through role-based controls

Review and modify user permissions in Nagios Log Server admin interface

🧯 If You Can't Patch

  • Implement strict access controls and monitor dashboard deletion activities
  • Regularly backup dashboard configurations and maintain restore procedures

🔍 How to Verify

Check if Vulnerable:

Check Nagios Log Server version in admin interface or via command line. Versions below 2024R2.0.3 are vulnerable.

Check Version:

Check web interface admin panel or consult Nagios Log Server documentation for version check commands specific to your installation.

Verify Fix Applied:

After upgrading to 2024R2.0.3+, test with non-admin account that dashboard deletion is properly restricted.

📡 Detection & Monitoring

Log Indicators:

  • Log entries showing dashboard deletion by non-admin users
  • Unauthorized access attempts to dashboard management endpoints

Network Indicators:

  • HTTP requests to dashboard deletion API endpoints from non-admin accounts

SIEM Query:

source="nagios_log_server" AND (event_type="dashboard_delete" OR uri_path="/dashboards/delete") AND user_role!="admin"

📊 Metadata

CVE ID: CVE-2025-34273
CVSS v3 Score: 6.5 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
CWE: CWE-863
EPSS Score: 0.22% exploit probability (44.4th percentile)
Published: October 30, 2025
Last Updated: November 6, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-34273, you might also want to check these:

CVE-2023-4617 10.0

This vulnerability allows remote attackers to bypass authorization controls in the Govee Home mobile...

Same vulnerability type (CWE-863)
CVE-2025-54253 10.0

CVE-2025-54253 is a critical misconfiguration vulnerability in Adobe Experience Manager Forms that a...

Same vulnerability type (CWE-863)
CVE-2021-38503 10.0

This vulnerability allows malicious iframes to bypass sandbox restrictions when loading XSLT stylesh...

Same vulnerability type (CWE-863)