Unrated severityNVD Advisory· Published Sep 25, 2025· Updated Feb 26, 2026
Nagios XI < 2026R1 Configuration Wizard Authenticated Command Injection
CVE-2025-34227
Description
Nagios XI < 2026R1 is vulnerable to an authenticated command injection vulnerability within the MongoDB Database, MySQL Query, MySQL Server, Postgres Server, and Postgres Query wizards. It is possible to inject shell characters into arguments provided to the service and execute arbitrary system commands on the underlying host as the nagios user.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
4- theyhack.me/CVE-2025-34227-Nagios-XI-Wizard-Command-Injection/mitretechnical-descriptionexploit
- www.nagios.com/changelog/mitrevendor-advisorypatch
- www.nagios.com/products/security/mitrevendor-advisorypatch
- www.vulncheck.com/advisories/nagios-xi-config-wizard-auth-command-injectionmitrethird-party-advisory
News mentions
0No linked articles in our index yet.