CVE-2025-34278 – Nagios Network Analyzer versions before 2024R1 ... (How to Fix)

Q: What is the severity of CVE-2025-34278?

CVE-2025-34278 has a CVSS score of 5.4 (MEDIUM). Nagios Network Analyzer versions before 2024R1 contain a stored XSS vulnerability in the Source Groups page's percentile calculator menu. An attacker can inject malicious scripts that execute in victims' browsers when they view the affected page. This affects all users of vulnerable Nagios Network Analyzer installations.

📋 TL;DR

Nagios Network Analyzer versions before 2024R1 contain a stored XSS vulnerability in the Source Groups page's percentile calculator menu. An attacker can inject malicious scripts that execute in victims' browsers when they view the affected page. This affects all users of vulnerable Nagios Network Analyzer installations.

💻 Affected Systems

Products:

Nagios Network Analyzer

Versions: All versions prior to 2024R1

Operating Systems: All supported platforms

Default Config Vulnerable: ⚠️ Yes

Notes: All installations with the Source Groups page accessible are vulnerable. No special configuration required.

📦 What is this software?

Network Analyzer by Nagios

View all CVEs affecting Network Analyzer →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attacker steals administrator session cookies, gains administrative access to the Nagios system, and potentially pivots to internal network systems.

🟠

Likely Case

Attacker steals user session cookies, performs actions as authenticated users, or captures sensitive information displayed in the interface.

🟢

If Mitigated

Script execution is blocked by browser security features or content security policies, limiting impact to minor UI manipulation.

🌐 Internet-Facing: HIGH - If exposed to the internet, attackers can target any user accessing the vulnerable page.

🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could exploit this to escalate privileges or move laterally.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires authenticated access to inject payload, but payload executes for all users viewing the page. No public exploit code available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2024R1 and later

Vendor Advisory: https://www.nagios.com/changelog/#network-analyzer

Restart Required: No

Instructions:

1. Download Nagios Network Analyzer 2024R1 or later from Nagios website. 2. Follow upgrade instructions in documentation. 3. Verify upgrade completed successfully.

🔧 Temporary Workarounds

Restrict Access to Source Groups Page

all

Limit access to the vulnerable Source Groups page using network controls or authentication restrictions.

Implement Content Security Policy

all

Add CSP headers to prevent script execution from untrusted sources.

Add 'Content-Security-Policy: script-src 'self'' to web server configuration

🧯 If You Can't Patch

Implement strict input validation and output encoding for all user-supplied data in the Source Groups interface
Monitor for suspicious activity in application logs and implement web application firewall rules to detect XSS attempts

🔍 How to Verify

Check if Vulnerable:

Check Nagios Network Analyzer version in web interface or configuration files. If version is earlier than 2024R1, system is vulnerable.

Check Version:

Check web interface footer or /usr/local/nagiosna/version.txt file

Verify Fix Applied:

After upgrade, verify version shows 2024R1 or later. Test Source Groups page functionality to ensure it works without errors.

📡 Detection & Monitoring

Log Indicators:

Unusual POST requests to Source Groups endpoints
Suspicious JavaScript payloads in URL parameters or form submissions

Network Indicators:

Multiple requests to Source Groups page from single IP
Unusual patterns in web traffic to percentile calculator functions

SIEM Query:

web.url:*sourcegroups* AND (web.param:*script* OR web.param:*javascript* OR web.param:*onload* OR web.param:*onerror*)

📊 Metadata

CVE ID: CVE-2025-34278

CVSS v3 Score: 5.4 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CWE: CWE-79

EPSS Score: 0.71% exploit probability (71.9th percentile)

Published: October 30, 2025

Last Updated: November 6, 2025

🔗 References

https://www.nagios.com/changelog/#network-analyzer Release Notes
https://www.nagios.com/products/security/#network-analyzer Product
https://www.vulncheck.com/advisories/nagios-network-analyzer-source-groups-percentile-calculator-menu-stored-xss Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-34278, you might also want to check these: