CVE-2025-60425

8.6 HIGH

📋 TL;DR

Nagios Fusion versions 2024R1.2 and 2024R2 fail to invalidate existing session tokens when enabling two-factor authentication, allowing attackers to hijack active sessions. This vulnerability affects organizations using these specific Nagios Fusion versions with 2FA enabled. Attackers can bypass 2FA protections and gain unauthorized access to monitoring systems.

💻 Affected Systems

Products:
  • Nagios Fusion
Versions: 2024R1.2 and 2024R2
Operating Systems: Linux
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when two-factor authentication is enabled. Systems without 2FA are not affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers gain administrative access to Nagios Fusion, potentially compromising the entire monitoring infrastructure, exfiltrating sensitive data, or disrupting monitoring services across the organization.

🟠 Likely Case

Attackers hijack existing administrator or user sessions to access monitoring dashboards, view sensitive infrastructure data, and potentially modify monitoring configurations.

🟢 If Mitigated

With proper network segmentation and access controls, impact is limited to the Nagios Fusion instance itself, though monitoring data remains at risk.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires an existing valid session token before 2FA is enabled. Attackers must capture or predict session tokens.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Nagios Fusion changelog for latest version

Vendor Advisory: https://www.nagios.com/changelog/#fusion

Restart Required: Yes

Instructions:

1. Backup current Nagios Fusion configuration
2. Download latest Nagios Fusion version from official Nagios website
3. Follow Nagios Fusion upgrade documentation
4. Restart Nagios Fusion services
5. Verify all sessions are invalidated after 2FA enablement

🔧 Temporary Workarounds

Force Session Invalidation

Manually invalidate all existing sessions after enabling 2FA by clearing the server-side session data. This logs out every user, including the account that enabled 2FA, so all users must re-authenticate (and, from then on, complete the 2FA step).

# Clear session files (location varies by installation; confirm the path before running)
SESSION_DIR=/usr/local/nagiosfusion/var/sessions   # example path used in this advisory; adjust for your install
rm -rf "${SESSION_DIR:?}"/*
# Restart the web service so any in-memory session state is dropped as well
systemctl restart nagiosfusion

Disable 2FA Temporarily

Temporarily disable two-factor authentication until patching can be completed.

# Edit Nagios Fusion configuration to disable 2FA
# Configuration file location varies - consult Nagios documentation

🧯 If You Can't Patch

  • Implement strict network access controls to limit Nagios Fusion access to trusted IPs only
  • Monitor for unusual session activity and implement session timeout policies

🔍 How to Verify

Check if Vulnerable:

Check Nagios Fusion version and verify if 2FA is enabled. Test by enabling 2FA and checking if existing sessions remain valid.

Check Version:

grep 'version' /usr/local/nagiosfusion/var/log/nagiosfusion.log | tail -1

Verify Fix Applied:

After patching, enable 2FA and verify all existing sessions are invalidated. Attempt to use old session tokens to confirm they no longer work.
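The check described under "How to Verify" (log in, enable 2FA, then retry the old session token) can be expressed against a small model of the session logic. The following is an added example and is not Nagios Fusion code: it models the defect class in this advisory (sessions that survive 2FA enablement) next to the corrected behaviour, with hypothetical class and function names. The password check is stubbed because only the session handling matters here.

```python
"""Added example, not Nagios Fusion code: a minimal session store modelling the
defect class in this advisory (sessions surviving 2FA enablement) and the fix.
All class and function names are hypothetical."""
import secrets
from dataclasses import dataclass


@dataclass
class Session:
    user: str
    mfa_verified: bool  # True only if this session completed a 2FA challenge


class VulnerableSessionStore:
    """Behaviour described in the advisory: enabling 2FA leaves old tokens valid."""

    def __init__(self):
        self.sessions: dict[str, Session] = {}   # token -> Session
        self.mfa_enabled: set[str] = set()

    def login(self, user: str, password_ok: bool, otp_ok: bool = False):
        # Password verification is stubbed; only the session logic matters here.
        if not password_ok:
            return None
        if user in self.mfa_enabled and not otp_ok:
            return None
        token = secrets.token_urlsafe(32)
        self.sessions[token] = Session(user, mfa_verified=user in self.mfa_enabled)
        return token

    def enable_mfa(self, user: str) -> None:
        self.mfa_enabled.add(user)   # existing sessions are left untouched (the bug)

    def is_valid(self, token: str) -> bool:
        return token in self.sessions


class FixedSessionStore(VulnerableSessionStore):
    """Same store, but enabling 2FA revokes every session that never passed 2FA."""

    def enable_mfa(self, user: str) -> None:
        super().enable_mfa(user)
        stale = [t for t, s in self.sessions.items() if s.user == user and not s.mfa_verified]
        for t in stale:
            del self.sessions[t]

    def is_valid(self, token: str) -> bool:
        # Defence in depth: also reject a pre-2FA session on read, so the check
        # still holds if revocation was missed (e.g. a session on another node).
        s = self.sessions.get(token)
        return s is not None and not (s.user in self.mfa_enabled and not s.mfa_verified)


def old_session_survives_mfa_enable(store) -> bool:
    """The 'How to Verify' procedure: log in, enable 2FA, retry the old token.
    Returns True if the pre-2FA token still works, i.e. the store is vulnerable."""
    old_token = store.login("admin", password_ok=True)
    store.enable_mfa("admin")
    return store.is_valid(old_token)


if __name__ == "__main__":
    print("vulnerable store keeps old session:", old_session_survives_mfa_enable(VulnerableSessionStore()))
    print("fixed store keeps old session:     ", old_session_survives_mfa_enable(FixedSessionStore()))
```

The fixed store does two things the vulnerable one does not: it revokes every non-2FA session for the user at the moment 2FA is switched on, and it re-checks the session's 2FA status on each use, so a stale session cannot slip through even if the revocation pass missed it.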

📡 Detection & Monitoring

Log Indicators:

  • Multiple successful logins from same user from different IPs
  • Session tokens used after 2FA enablement
  • Unusual access patterns to monitoring endpoints

Network Indicators:

  • Unauthorized API calls to Nagios Fusion endpoints
  • Session token reuse from different network locations

SIEM Query:

source="nagios_fusion.log" (event="login_success" OR event="session_create") | stats dc(src_ip) AS distinct_ips, values(src_ip) AS src_ips BY user | where distinct_ips > 1
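The two log indicators above (a session token created before 2FA was enabled being used afterwards, and one user logging in from several IPs) can be checked offline with a short script. This is an added example, not a Nagios Fusion tool, and the log lines it parses are constructed here in a simple key=value form; Nagios Fusion's real log format differs, so the parser and field names (event, user, src_ip, session) are assumptions to adapt to your own logs.

```python
"""Added example (not Nagios Fusion code): flag pre-2FA session reuse and
multi-IP logins in constructed key=value log lines."""
import re
from datetime import datetime, timezone

# Constructed sample log lines; the field names are assumptions, not Nagios Fusion's format.
SAMPLE_LOG = """\
2025-01-10T09:58:00Z event=login_success user=alice src_ip=10.0.0.5 session=tokA1
2025-01-10T10:00:00Z event=mfa_enabled user=alice src_ip=10.0.0.5
2025-01-10T10:01:00Z event=login_success user=alice src_ip=10.0.0.5 session=tokA2
2025-01-10T10:05:00Z event=request user=alice src_ip=203.0.113.9 session=tokA1
2025-01-10T10:06:00Z event=request user=alice src_ip=10.0.0.5 session=tokA2
2025-01-10T10:07:00Z event=login_success user=bob src_ip=10.0.0.8 session=tokB1
2025-01-10T10:09:00Z event=login_success user=bob src_ip=192.0.2.4 session=tokB2
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<kv>.*)$")


def parse_line(line: str):
    """Parse '<ISO timestamp> k=v k=v ...' into a dict; returns None on malformed lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = {"ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)}
    for kv in m["kv"].split():
        k, _, v = kv.partition("=")
        rec[k] = v
    return rec


def detect(log_text: str):
    """Return findings as tuples; order is by position in the log, then per-user summaries."""
    findings = []
    mfa_enabled_at = {}   # user -> time 2FA was switched on
    session_owner = {}    # session token -> (user, time the session was created)
    login_ips = {}        # user -> set of source IPs seen at login

    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec:
            continue
        ev, user = rec.get("event"), rec.get("user")
        if ev == "login_success":
            session_owner[rec["session"]] = (user, rec["ts"])
            login_ips.setdefault(user, set()).add(rec["src_ip"])
        elif ev == "mfa_enabled":
            mfa_enabled_at[user] = rec["ts"]
        elif ev == "request":
            owner = session_owner.get(rec.get("session"))
            # A token minted before the user's 2FA enablement must not be accepted afterwards.
            if owner and owner[0] in mfa_enabled_at and owner[1] < mfa_enabled_at[owner[0]]:
                findings.append(("pre_mfa_session_reuse", owner[0], rec["session"], rec["src_ip"]))

    for user, ips in login_ips.items():
        if len(ips) > 1:
            findings.append(("multi_ip_login", user, sorted(ips)))
    return findings


if __name__ == "__main__":
    for f in detect(SAMPLE_LOG):
        print(f)
```

On the constructed sample, the first finding is alice's token tokA1 (created at 09:58, before 2FA was enabled at 10:00) being used at 10:05 from a new address, which is exactly the post-enablement reuse this advisory describes; tokA2 is not flagged because it was created after 2FA was on. The second finding is the multi-IP login summary for bob, matching the SIEM query above.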
