Nagios XI < 2024R1.3.2 contains a remote code execution vulnerability by chaining two flaws: an arbitrary file upload and a path traversal in the Core Config Snapshots interface. The issue arises from insufficient validation of file paths and extensions during MIB upload and snapshot rename operations. Exploitation results in the placement of attacker-controlled PHP files in a web-accessible directory, executed as the www-data user.
Metrics
Affected Vendors & Products
References
History
Thu, 28 Aug 2025 21:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Nagios
Nagios xi |
|
Vendors & Products |
Nagios
Nagios xi |
Thu, 28 Aug 2025 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
| |
Metrics |
ssvc
|
Thu, 28 Aug 2025 16:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Nagios XI < 2024R1.3.2 contains a remote code execution vulnerability by chaining two flaws: an arbitrary file upload and a path traversal in the Core Config Snapshots interface. The issue arises from insufficient validation of file paths and extensions during MIB upload and snapshot rename operations. Exploitation results in the placement of attacker-controlled PHP files in a web-accessible directory, executed as the www-data user. | |
Title | Nagios XI Authenticated Arbitrary File Upload Path Traversal RCE | |
Weaknesses | CWE-22 CWE-434 |
|
References |
| |
Metrics |
cvssV4_0
|

Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2025-08-29T03:55:25.691Z
Reserved: 2025-08-28T15:35:33.691Z
Link: CVE-2024-13986

Updated: 2025-08-28T18:37:00.107Z

Status : Awaiting Analysis
Published: 2025-08-28T16:15:32.883
Modified: 2025-08-29T16:24:29.730
Link: CVE-2024-13986

No data.

Updated: 2025-08-28T21:21:43Z