Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server.
Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Fri, 14 Mar 2025 17:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:nagios:nagios_xi:5.7.5:*:*:*:*:*:*:* cpe:2.3:a:nagios:nagios_xi:*:*:*:*:*:*:*:*

Tue, 04 Feb 2025 21:15:00 +0000

Type Values Removed Values Added
Metrics kev

{'dateAdded': '2022-01-18'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2025-07-30T01:38:20.089Z

Reserved: 2021-01-18T00:00:00.000Z

Link: CVE-2021-25296

cve-icon Vulnrichment

Updated: 2024-08-03T19:56:11.223Z

cve-icon NVD

Status : Analyzed

Published: 2021-02-15T13:15:12.683

Modified: 2025-03-14T17:07:31.547

Link: CVE-2021-25296

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.