CVE-2025-34322

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-34322
Nagios Log Server versions prior to 2026R1.0.1 contain an authenticated command injection vulnerability in the experimental 'Natural Language Queries' feature. When this feature is configured, certain user-controlled settings—including model selection and connection parameters—are read from the global configuration and concatenated into a shell command that is executed via shell_exec() without proper input handling or command-line argument sanitation. An authenticated user with access to the 'Global Settings' page can supply crafted values in these fields to inject additional shell commands, resulting in arbitrary command execution as the 'www-data' user and compromise of the Log Server host.

7.2 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://theyhack.me/Rooting-Nagios-Log-Server/
https://www.nagios.com/changelog/nagios-log-server/nagios-log-server-2026r1-0-1/ Release Notes
https://www.nagios.com/products/security/#log-server Vendor Advisory
https://www.vulncheck.com/advisories/nagios-log-server-authenticated-command-injection-via-natural-language-queries Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:nagios:log_server:*:*:*:*:*:*:*:*
cpe:2.3:a:nagios:log_server:2026:r1:*:*:*:*:*:*
History

26 Nov 2025, 15:15

Type Values Removed Values Added
References
  • () https://theyhack.me/Rooting-Nagios-Log-Server/ -

24 Nov 2025, 21:16

Type Values Removed Values Added
Summary (en) Nagios Log Server versions prior to 2026R1.0.1 contain an authenticated command injection vulnerability via the experimental 'Natural Language Queries' feature. Configuration values for this feature are read from the application settings and incorporated into a system command without adequate validation or restriction of special characters. An authenticated user with access to global configuration can abuse these settings to execute arbitrary operating system commands with the privileges of the web server account, leading to compromise of the Log Server host. (en) Nagios Log Server versions prior to 2026R1.0.1 contain an authenticated command injection vulnerability in the experimental 'Natural Language Queries' feature. When this feature is configured, certain user-controlled settings—including model selection and connection parameters—are read from the global configuration and concatenated into a shell command that is executed via shell_exec() without proper input handling or command-line argument sanitation. An authenticated user with access to the 'Global Settings' page can supply crafted values in these fields to inject additional shell commands, resulting in arbitrary command execution as the 'www-data' user and compromise of the Log Server host.

20 Nov 2025, 21:48

Type Values Removed Values Added
CPE cpe:2.3:a:nagios:log_server:*:*:*:*:*:*:*:*
cpe:2.3:a:nagios:log_server:2026:r1:*:*:*:*:*:*
First Time Nagios log Server
Nagios
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.2
References () https://www.nagios.com/changelog/nagios-log-server/nagios-log-server-2026r1-0-1/ - () https://www.nagios.com/changelog/nagios-log-server/nagios-log-server-2026r1-0-1/ - Release Notes
References () https://www.nagios.com/products/security/#log-server - () https://www.nagios.com/products/security/#log-server - Vendor Advisory
References () https://www.vulncheck.com/advisories/nagios-log-server-authenticated-command-injection-via-natural-language-queries - () https://www.vulncheck.com/advisories/nagios-log-server-authenticated-command-injection-via-natural-language-queries - Third Party Advisory

17 Nov 2025, 18:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-11-17 18:15

Updated : 2025-11-26 15:15

NVD link : CVE-2025-34322

Mitre link : CVE-2025-34322

CVE.ORG link : CVE-2025-34322

JSON object : View

Products Affected

nagios

  • log_server
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')