CVE-2025-44824

High CVSS: 8.5

Nagios Log Server before 2024R1.3.2 allows authenticated users (with read-only API access) to stop the Elasticsearch service via a /nagioslogserver/index.php/api/system/stop?subsystem=elasticsearch call. The service stops even though "message": "Could not stop elasticsearch" is in the API response. This is GL:NLS#474.

Vendor

Nagios

Product

Log Server

CWE

CWE-863

Yayın Tarihi

2025-10-07 20:15:35

Güncelleme

2025-11-06 16:40:35

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-863 Log Server HIGH Nagios 2025

Referanslar

https://github.com/skraft9/nagios-log-server-dos https://www.nagios.com/changelog/#log-server https://github.com/skraft9/nagios-log-server-dos

Benzer Kayıtlar

High

CVE-2026-2041

Nagios Host zabbixagent_configwizard_func Command Injection Remote Code Execution Vulnerability. This vulnerability allo…

High

CVE-2026-2042

Nagios Host monitoringwizard Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote att…

High

CVE-2026-2043

Nagios Host esensors_websensor_configwizard_func Command Injection Remote Code Execution Vulnerability. This vulnerabili…

High

CVE-2025-67254

NagiosXI 2026R1.0.1 build 1762361101 is vulnerable to Directory Traversal in /admin/coreconfigsnapshots.php.

High

CVE-2025-67255

In NagiosXI 2026R1.0.1 build 1762361101, Dashboard parameters lack proper filtering, allowing any authenticated user to…

High

CVE-2025-34288

Nagios XI versions prior to 2026R1.1 are vulnerable to local privilege escalation due to an unsafe interaction between s…