CVE-2025-34322: Nagios Log Server versions prior to 2026R1.0.1 contain an authenticated command injection vulnerability in the experimen
high vulnerability
security
Summary
Nagios Log Server versions before 2026R1.0.1 have a command injection vulnerability (a flaw where attackers can insert malicious commands into input fields) in the experimental Natural Language Queries feature. An authenticated user (someone with a valid login) can exploit this by entering crafted values in the Global Settings page to run arbitrary commands on the server as the 'www-data' user (the account the web server runs under), potentially taking over the entire Log Server.
Solution / Mitigation
Update Nagios Log Server to version 2026R1.0.1 or later.
Vulnerability Details
CVSS Score
7.2 (high)
EPSS (30-day exploit probability)
EPSS: 0.4%
Classification
Attack Sophistication: Moderate
Impact (CIA+S)
confidentiality, integrity, availability
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-34322
First tracked: February 15, 2026 at 08:53 PM
Classified by LLM (prompt v3) · confidence: 95%