{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-34283", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2025-04-15T19:15:22.581Z", "datePublished": "2025-10-30T21:29:37.293Z", "dateUpdated": "2025-11-17T18:21:50.983Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "modules": ["Neptune UI themes"], "product": "XI", "vendor": "Nagios", "versions": [{"lessThan": "2024R1.4.2", "status": "unknown", "version": "0", "versionType": "custom"}]}], "cpeApplicability": [{"operator": "OR", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:nagios:nagios_xi:2024:*:*:*:*:*:*:*", "versionEndExcluding": "r1.4.2"}]}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Nagios XI versions prior to&nbsp;2024R1.4.2&nbsp;revealed API keys to users who were not authorized for API access when using Neptune themes. An authenticated user without API privileges could view another user's or their own API key value.<br>"}], "value": "Nagios XI versions prior to\u00a02024R1.4.2\u00a0revealed API keys to users who were not authorized for API access when using Neptune themes. An authenticated user without API privileges could view another user's or their own API key value."}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 7.1, "baseSeverity": "HIGH", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-497", "description": "CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2025-11-17T18:21:50.983Z"}, "references": [{"tags": ["vendor-advisory", "patch"], "url": "https://www.nagios.com/products/security/#nagios-xi"}, {"tags": ["release-notes", "patch"], "url": "https://www.nagios.com/changelog/nagios-xi/"}, {"tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/nagios-xi-api-key-disclosure-via-neptune-themes"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Nagios addresses this vulnerability as \"</span><span style=\"background-color: rgb(255, 255, 255);\">Nagios XI would sometimes reveal API keys to users that were not authorized for API access\" and \"Fixed an issue where an API key was shown to users without API access in Neptune themes.\"</span><br>"}], "value": "Nagios addresses this vulnerability as \"Nagios XI would sometimes reveal API keys to users that were not authorized for API access\" and \"Fixed an issue where an API key was shown to users without API access in Neptune themes.\""}], "source": {"discovery": "UNKNOWN"}, "title": "Nagios XI < 2024R1.4.2 API Key Disclosure via Neptune Themes", "x_generator": {"engine": "vulncheck"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-10-31T15:06:50.951117Z", "id": "CVE-2025-34283", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-31T15:06:58.704Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-34283", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-10-31T15:06:50.951117Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-31T15:06:54.556Z"}}], "cna": {"title": "Nagios XI < 2024R1.4.2 API Key Disclosure via Neptune Themes", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.1, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Nagios", "modules": ["Neptune UI themes"], "product": "XI", "versions": [{"status": "unknown", "version": "0", "lessThan": "2024R1.4.2", "versionType": "custom"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Nagios addresses this vulnerability as \"Nagios XI would sometimes reveal API keys to users that were not authorized for API access\" and \"Fixed an issue where an API key was shown to users without API access in Neptune themes.\"", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Nagios addresses this vulnerability as \"</span><span style=\"background-color: rgb(255, 255, 255);\">Nagios XI would sometimes reveal API keys to users that were not authorized for API access\" and \"Fixed an issue where an API key was shown to users without API access in Neptune themes.\"</span><br>", "base64": false}]}], "references": [{"url": "https://www.nagios.com/products/security/#nagios-xi", "tags": ["vendor-advisory", "patch"]}, {"url": "https://www.nagios.com/changelog/nagios-xi/", "tags": ["release-notes", "patch"]}, {"url": "https://www.vulncheck.com/advisories/nagios-xi-api-key-disclosure-via-neptune-themes", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "vulncheck"}, "descriptions": [{"lang": "en", "value": "Nagios XI versions prior to\u00a02024R1.4.2\u00a0revealed API keys to users who were not authorized for API access when using Neptune themes. An authenticated user without API privileges could view another user's or their own API key value.", "supportingMedia": [{"type": "text/html", "value": "Nagios XI versions prior to&nbsp;2024R1.4.2&nbsp;revealed API keys to users who were not authorized for API access when using Neptune themes. An authenticated user without API privileges could view another user's or their own API key value.<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-497", "description": "CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nagios:nagios_xi:2024:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "r1.4.2"}], "operator": "OR"}], "operator": "OR"}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2025-11-17T18:21:50.983Z"}}}, "cveMetadata": {"cveId": "CVE-2025-34283", "state": "PUBLISHED", "dateUpdated": "2025-11-17T18:21:50.983Z", "dateReserved": "2025-04-15T19:15:22.581Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2025-10-30T21:29:37.293Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nagios:nagios_xi:*:*:*:*:*:*:*:*", "matchCriteriaId": "62CF7BF4-6AAA-443E-93B4-B2F080091C13", "versionEndExcluding": "2024", "vulnerable": true}, {"criteria": "cpe:2.3:a:nagios:nagios_xi:2024:r1:*:*:*:*:*:*", "matchCriteriaId": "85F1764D-1DD8-44B0-BF5A-2420CB519A3C", "vulnerable": true}, {"criteria": "cpe:2.3:a:nagios:nagios_xi:2024:r1.0.1:*:*:*:*:*:*", "matchCriteriaId": "C1FE1A0B-78D1-4626-A4CD-21B843DA596E", "vulnerable": true}, {"criteria": "cpe:2.3:a:nagios:nagios_xi:2024:r1.0.2:*:*:*:*:*:*", "matchCriteriaId": "CCAB888E-F030-4640-9A18-9E423E553308", "vulnerable": true}, {"criteria": "cpe:2.3:a:nagios:nagios_xi:2024:r1.1:*:*:*:*:*:*", "matchCriteriaId": "C648B0A4-053C-4884-8A37-4AF03053ED1C", "vulnerable": true}, {"criteria": "cpe:2.3:a:nagios:nagios_xi:2024:r1.1.1:*:*:*:*:*:*", "matchCriteriaId": "893EEA99-0096-4C9F-BA8A-246A3E3F6C15", "vulnerable": true}, {"criteria": "cpe:2.3:a:nagios:nagios_xi:2024:r1.1.2:*:*:*:*:*:*", "matchCriteriaId": "A1FDA3F3-DF79-4807-9451-F04B2DB9A2B6", "vulnerable": true}, {"criteria": "cpe:2.3:a:nagios:nagios_xi:2024:r1.1.3:*:*:*:*:*:*", "matchCriteriaId": "9E055065-35A7-458A-A2DB-26634B97EE7C", "vulnerable": true}, {"criteria": "cpe:2.3:a:nagios:nagios_xi:2024:r1.1.4:*:*:*:*:*:*", "matchCriteriaId": "76946B2D-093C-4981-8465-5ADBB98C0676", "vulnerable": true}, {"criteria": "cpe:2.3:a:nagios:nagios_xi:2024:r1.1.5:*:*:*:*:*:*", "matchCriteriaId": "E9112876-7C61-4A72-8F91-023378E82E6D", "vulnerable": true}, {"criteria": "cpe:2.3:a:nagios:nagios_xi:2024:r1.2:*:*:*:*:*:*", "matchCriteriaId": "1443759F-EBD7-4366-A5D3-9FB15CE15B40", "vulnerable": true}, {"criteria": "cpe:2.3:a:nagios:nagios_xi:2024:r1.2.1:*:*:*:*:*:*", "matchCriteriaId": "F85D8CA4-F1AC-4538-925C-1AD00FF7B9C1", "vulnerable": true}, {"criteria": "cpe:2.3:a:nagios:nagios_xi:2024:r1.2.2:*:*:*:*:*:*", "matchCriteriaId": "7FFC081E-728A-4643-A8DF-5CC8E94E7D78", "vulnerable": true}, {"criteria": "cpe:2.3:a:nagios:nagios_xi:2024:r1.3:*:*:*:*:*:*", "matchCriteriaId": "C3D8A858-2F40-4568-BCA0-59CF6033A7FE", "vulnerable": true}, {"criteria": "cpe:2.3:a:nagios:nagios_xi:2024:r1.3.1:*:*:*:*:*:*", "matchCriteriaId": "2D1C8647-F0EB-443F-B18B-338335CE54B7", "vulnerable": true}, {"criteria": "cpe:2.3:a:nagios:nagios_xi:2024:r1.3.2:*:*:*:*:*:*", "matchCriteriaId": "9A695A21-8F5A-4588-91E9-F7AF101B77AD", "vulnerable": true}, {"criteria": "cpe:2.3:a:nagios:nagios_xi:2024:r1.3.3:*:*:*:*:*:*", "matchCriteriaId": "AA587E9E-86DA-41A4-BF3B-56B1488B326A", "vulnerable": true}, {"criteria": "cpe:2.3:a:nagios:nagios_xi:2024:r1.3.4:*:*:*:*:*:*", "matchCriteriaId": "BBCC6B6F-E627-49D4-9FA6-72283B07973A", "vulnerable": true}, {"criteria": "cpe:2.3:a:nagios:nagios_xi:2024:r1.4:*:*:*:*:*:*", "matchCriteriaId": "450E4C8D-FC6B-42E6-A574-61F89AEB1800", "vulnerable": true}, {"criteria": "cpe:2.3:a:nagios:nagios_xi:2024:r1.4.1:*:*:*:*:*:*", "matchCriteriaId": "838E2FEE-8707-4CA9-B877-EE69D32615E2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Nagios XI versions prior to\u00a02024R1.4.2\u00a0revealed API keys to users who were not authorized for API access when using Neptune themes. An authenticated user without API privileges could view another user's or their own API key value."}], "id": "CVE-2025-34283", "lastModified": "2025-11-06T18:14:36.920", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2025-10-30T22:15:48.633", "references": [{"source": "disclosure@vulncheck.com", "tags": ["Release Notes"], "url": "https://www.nagios.com/changelog/nagios-xi/"}, {"source": "disclosure@vulncheck.com", "tags": ["Vendor Advisory"], "url": "https://www.nagios.com/products/security/#nagios-xi"}, {"source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"], "url": "https://www.vulncheck.com/advisories/nagios-xi-api-key-disclosure-via-neptune-themes"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-497"}], "source": "disclosure@vulncheck.com", "type": "Secondary"}]}

{}

{"created": "2025-10-31T10:13:06.623761+00:00", "updated": "2025-10-31T10:13:06.623786+00:00", "vendors": ["nagios", "nagios$PRODUCT$xi"]}