VYPR
Unrated severityNVD Advisory· Published Oct 30, 2025· Updated Nov 17, 2025

Nagios Log Server < 2024R2.0.2 Cluster Manager Credential Requests Sent Over Plaintext

CVE-2025-34271

Description

Nagios Log Server versions prior to 2024R2.0.2 contain a vulnerability in the cluster manager component when requesting sensitive credentials from peer nodes over an unencrypted channel even when SSL/TLS is enabled in the product configuration. As a result, an attacker positioned on the network path can intercept credentials in transit. Captured credentials could allow the attacker to authenticate as a cluster node or service account, enabling further unauthorized access, lateral movement, or system compromise.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Nagios/Log Serverllm-fuzzy2 versions
    <2024R2.0.2+ 1 more
    • (no CPE)range: <2024R2.0.2
    • (no CPE)range: 0

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.