CVE-2025-28059

High CVSS: 7.5

An access control vulnerability in Nagios Network Analyzer 2024R1.0.3 allows deleted users to retain access to system resources due to improper session invalidation and stale token handling. When an administrator deletes a user account, the backend fails to terminate active sessions and revoke associated API tokens, enabling unauthorized access to restricted functions.

Vendor

Nagios

Product

Network Analyzer

CWE

CWE-613

Yayın Tarihi

2025-04-18 17:15:34

Güncelleme

2025-07-11 13:33:38

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-613 Network Analyzer HIGH Nagios 2025

Referanslar

https://github.com/aakashtyal/Residual-Data-Access-Post-User-Deletion-in-Nagios-Network-Analyzer-Version-2024R1 https://www.nagios.com/changelog/#network-analyze

Benzer Kayıtlar

High

CVE-2026-2041

Nagios Host zabbixagent_configwizard_func Command Injection Remote Code Execution Vulnerability. This vulnerability allo…

High

CVE-2026-2042

Nagios Host monitoringwizard Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote att…

High

CVE-2026-2043

Nagios Host esensors_websensor_configwizard_func Command Injection Remote Code Execution Vulnerability. This vulnerabili…

High

CVE-2025-67254

NagiosXI 2026R1.0.1 build 1762361101 is vulnerable to Directory Traversal in /admin/coreconfigsnapshots.php.

High

CVE-2025-67255

In NagiosXI 2026R1.0.1 build 1762361101, Dashboard parameters lack proper filtering, allowing any authenticated user to…

High

CVE-2025-34288

Nagios XI versions prior to 2026R1.1 are vulnerable to local privilege escalation due to an unsafe interaction between s…