CVE-2025-67835
📋 TL;DR
This vulnerability allows authenticated attackers to cause a Denial-of-Service (DoS) condition in Paessler PRTG Network Monitor by exploiting the Notification Contacts functionality. Systems running PRTG Network Monitor versions before 25.4.114 are affected. The attack requires valid authentication credentials to exploit.
💻 Affected Systems
- Paessler PRTG Network Monitor
⚠️ Risk & Real-World Impact
Worst Case
Complete service disruption of PRTG Network Monitor, preventing network monitoring, alerting, and reporting capabilities until service is restored.
Likely Case
Temporary service interruption requiring manual restart or system recovery, disrupting monitoring operations during the outage.
If Mitigated
Minimal impact with proper access controls and monitoring in place to detect and respond to suspicious authentication attempts.
🎯 Exploit Status
Exploitation requires valid authentication credentials. The specific technique involves manipulating Notification Contacts functionality to trigger the DoS condition.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 25.4.114
Vendor Advisory: https://helpdesk.paessler.com/en/support/solutions/articles/76000087289-vulnerabilities-in-prtg-prior-v25-4-114-1032
Restart Required: Yes
Instructions:
1. Back up the current PRTG configuration.
2. Download PRTG version 25.4.114 or later from the Paessler website.
3. Run the installer and follow the upgrade prompts.
4. Restart PRTG services after installation completes.
🔧 Temporary Workarounds
Restrict Access to PRTG Web Interface
Limit access to the PRTG web interface to trusted IP addresses only, using firewall rules or network segmentation.
Implement Strong Authentication Controls
Enforce strong password policies, enable multi-factor authentication, and regularly review user accounts with PRTG access.
🧯 If You Can't Patch
- Implement strict access controls to limit PRTG web interface access to authorized personnel only
- Monitor authentication logs for suspicious activity and implement alerting for multiple failed login attempts
🔍 How to Verify
Check if Vulnerable:
Check PRTG version in web interface under Setup > System Administration > Version Information
Check Version:
Not applicable - check via web interface or PRTG API
Verify Fix Applied:
Verify version shows 25.4.114 or higher after patching and test Notification Contacts functionality
📡 Detection & Monitoring
Log Indicators:
- Multiple authentication attempts from single source
- Unusual Notification Contacts modifications
- PRTG service crash or restart events
Network Indicators:
- Unusual traffic patterns to PRTG web interface
- Multiple requests to Notification Contacts endpoints
SIEM Query:
source="PRTG" AND (event_type="authentication" OR event_type="service_crash")