Unrated severityNVD Advisory· Published Apr 18, 2025· Updated Apr 22, 2025
CVE-2025-28059
CVE-2025-28059
Description
An access control vulnerability in Nagios Network Analyzer 2024R1.0.3 allows deleted users to retain access to system resources due to improper session invalidation and stale token handling. When an administrator deletes a user account, the backend fails to terminate active sessions and revoke associated API tokens, enabling unauthorized access to restricted functions.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: = 2024R1.0.3
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.