Unrated severity · CISA KEV · NVD Advisory · Published Feb 15, 2021 · Updated Oct 21, 2025
CVE-2021-25296
Description
Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php, which improperly sanitizes input controlled by an authenticated user. A single HTTP request can lead to OS command injection on the Nagios XI server.
Patches
No patches discovered yet.
References
- nagios.com (mitre)
- packetstormsecurity.com/files/161561/Nagios-XI-5.7.5-Remote-Code-Execution.html (mitre)
- packetstormsecurity.com/files/170924/Nagios-XI-5.7.5-Remote-Code-Execution.html (mitre)
- assets.nagios.com/downloads/nagiosxi/versions.php (mitre)
- github.com/fs0c-sh/nagios-xi-5.7.5-bugs/blob/main/README.md (mitre)
- www.fastly.com/blog/anatomy-of-a-command-injection-cve-2021-25296-7-8-with-metasploit-module-and (mitre)