GCVE - cpe:2.3:a:nagios:nagios_xi:2026:r1.0.1:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:nagios:nagios_xi:2026:r1.0.1:*:*:*:*:*:*

part: a version: 2026 update: r1.0.1

Vendor	Nagios (`7fb1328e-019e-51f8-8fa9-c12efadd1bbe`)
Product	Nagios Xi (`7baa8382-9566-5d4f-a39b-a6738305acfe`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-67255`	vulnerable	2026-06-03 15:11:01.458953	Details available In NagiosXI 2026R1.0.1 build 1762361101, Dashboard parameters lack proper filtering, allowing any authenticated user to exploit a SQL Injection vulnerability. Published: 2025-12-29T00:00:00.000Z Updated: 2025-12-31T16:59:06.948Z Open on db.gcve.eu Reference links https://www.nagios.org/ https://github.com/YongYe-Security/NagiosXI/tree/main	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-67254`	vulnerable	2026-06-03 15:11:01.458507	Details available NagiosXI 2026R1.0.1 build 1762361101 is vulnerable to Directory Traversal in /admin/coreconfigsnapshots.php. Published: 2025-12-29T00:00:00.000Z Updated: 2025-12-31T16:59:12.600Z Open on db.gcve.eu Reference links https://www.nagios.org/ https://github.com/YongYe-Security/NagiosXI/tree/main	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-34288`	vulnerable	2026-06-03 15:00:44.395746	Nagios XI Privilege Escalation via Writable PHP Include Executed with Sudo Nagios XI versions prior to 2026R1.1 are vulnerable to local privilege escalation due to an unsafe interaction between sudo permissions and application file permissions. A user‑accessible maintenance script may be executed as root via sudo and includes an application file that is writable by a lower‑privileged user. A local attacker with access to the application account can modify this file to introduce malicious code, which is then executed with elevated privileges when the script is run. Successful exploitation results in arbitrary code execution as the root user. Published: 2025-12-16T22:17:02.004Z Updated: 2026-05-14T02:08:10.158Z Open on db.gcve.eu Reference links https://www.nagios.com/changelog/nagios-xi/2026r1-1/ https://www.vulncheck.com/advisories/nagios-xi-privilege-escalation-via-writable-php-include-executed-with-sudo	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.