Nagios XI versions prior to 2024R1.1.3 contain a privilege escalation vulnerability in which an authenticated administrator could leverage the Migrate Server feature to obtain root privileges on the underlying XI host. By abusing the migration workflow, an admin-level attacker could execute actions outside the intended security scope of the application, resulting in full control of the operating system.
References
| Link | Resource |
|---|---|
| https://www.nagios.com/changelog/nagios-xi/ | Release Notes |
| https://www.nagios.com/products/security/#nagios-xi | Vendor Advisory |
| https://www.vulncheck.com/advisories/nagios-xi-privilege-escalation-via-migrate-server-feature-to-root-on-host | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
06 Nov 2025, 16:24
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://www.nagios.com/changelog/nagios-xi/ - Release Notes | |
| References | () https://www.nagios.com/products/security/#nagios-xi - Vendor Advisory | |
| References | () https://www.vulncheck.com/advisories/nagios-xi-privilege-escalation-via-migrate-server-feature-to-root-on-host - Third Party Advisory | |
| CPE | cpe:2.3:a:nagios:nagios_xi:*:*:*:*:*:*:*:* cpe:2.3:a:nagios:nagios_xi:2024:r1:*:*:*:*:*:* cpe:2.3:a:nagios:nagios_xi:2024:r1.1.1:*:*:*:*:*:* cpe:2.3:a:nagios:nagios_xi:2024:r1.1.2:*:*:*:*:*:* cpe:2.3:a:nagios:nagios_xi:2024:r1.0.1:*:*:*:*:*:* cpe:2.3:a:nagios:nagios_xi:2024:r1.0.2:*:*:*:*:*:* cpe:2.3:a:nagios:nagios_xi:2024:r1.1:*:*:*:*:*:* |
|
| First Time |
Nagios nagios Xi
Nagios |
|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.2 |
03 Nov 2025, 22:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-11-03 22:16
Updated : 2025-11-06 16:24
NVD link : CVE-2024-13997
Mitre link : CVE-2024-13997
CVE.ORG link : CVE-2024-13997
JSON object : View
Products Affected
nagios
- nagios_xi
CWE
CWE-269
Improper Privilege Management