VYPR
Unrated severityNVD Advisory· Published Oct 30, 2025· Updated Nov 17, 2025

Nagios XI < 5.4.13 Component Download Page RCE

CVE-2018-25122

Description

Nagios XI versions prior to 5.4.13 contain a remote code execution vulnerability in the Component Download page. The download/import handler used unsafe command construction with attacker-controlled input and lacked sufficient validation and output encoding, allowing an authenticated user to inject commands or otherwise execute arbitrary code with the privileges of the application service.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Nagios/XIllm-fuzzy
    Range: <5.4.13
  • Nagios/XIv5
    Range: 0

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.