Vulnerabilities

CVE-2025-34288 - Nagios XI Privilege Escalation via Writable PHP Include Executed with Sudo

2025-12-17 0 views admin

CVE ID : CVE-2025-34288 Published : Dec. 16, 2025, 11:15 p.m. | 1 hour, 5 minutes ago Description : Nagios XI versions prior to 2026R1.1 are vulnerable to local privilege escalation due to an unsafe interaction between sudo permissions and application file permissions. A user‑accessible maintenance script may be executed as root via sudo and includes an application file that is writable by a lower‑privileged user. A local attacker with access to the application account can modify this file to introduce malicious code, which is then executed with elevated privileges when the script is run. Successful exploitation results in arbitrary code execution as the root user. Severity: 8.6 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

CVE ID

CVE-2025-34288

Severity

HIGH

Published

Dec. 16, 2025

Attack Vector: local

Impact: privilege escalation

Source: Telegram CVE Monitor

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2025-34288high

CVE-2025-34288 - Nagios XI Privilege Escalation via Writable PHP Include Executed with Sudo

CVE Details

🏷️ Tags

More from Vulnerabilities

CVE-2025-68613 - n8n Vulnerable to Remote Code Execution via Expression Injection

CVE-2023-53945 - BrainyCP 1.0 Remote Code Execution via Authenticated Crontab Manipulation

CVE-2023-53946 - Arcsoft PhotoStudio 6.0.0.172 Unquoted Service Path Privilege Escalation

CVE-2023-53947 - OCS Inventory NG 2.3.0.0 Unquoted Service Path Privilege Escalation

Trending

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

CVE-2025-43939: Dell Unity OS Command Injection (High)

Google disputes false claims of massive Gmail data breach

Microsoft: DNS outage impacts Azure and Microsoft 365 services

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting