CVE-2025-34273

Nagios Log Server versions prior to 2024R2.0.3 contain an incorrect authorization vulnerability that allows non-administrator users to delete global dashboards. The application did not correctly enforce authorization checks for the global dashboard deletion workflow, enabling lower-privileged users to remove dashboards that affect other users or the overall monitoring UI.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.nagios.com/changelog/#log-server	Release Notes
https://www.nagios.com/products/security/#log-server-2024R2	Vendor Advisory
https://www.vulncheck.com/advisories/nagios-log-server-non-admin-dashboard-deletion	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:nagios:log_server::::::::
	cpe:2.3:a:nagios:log_server:2024:r1::::::
	cpe:2.3:a:nagios:log_server:2024:r1.0.1::::::
	cpe:2.3:a:nagios:log_server:2024:r1.0.2::::::
	cpe:2.3:a:nagios:log_server:2024:r1.1::::::
	cpe:2.3:a:nagios:log_server:2024:r1.2::::::
	cpe:2.3:a:nagios:log_server:2024:r1.3::::::
	cpe:2.3:a:nagios:log_server:2024:r1.3.1::::::
	cpe:2.3:a:nagios:log_server:2024:r1.3.2::::::
	cpe:2.3:a:nagios:log_server:2024:r1.3.3::::::
	cpe:2.3:a:nagios:log_server:2024:r1.3.4::::::
	cpe:2.3:a:nagios:log_server:2024:r1.3.5::::::
	cpe:2.3:a:nagios:log_server:2024:r2::::::
	cpe:2.3:a:nagios:log_server:2024:r2.0.1::::::
	cpe:2.3:a:nagios:log_server:2024:r2.0.2::::::

History

06 Nov 2025, 16:28

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 6.5
First Time		Nagios log Server Nagios
References	~~() https://www.nagios.com/changelog/#log-server -~~	() https://www.nagios.com/changelog/#log-server - Release Notes
References	~~() https://www.nagios.com/products/security/#log-server-2024R2 -~~	() https://www.nagios.com/products/security/#log-server-2024R2 - Vendor Advisory
References	~~() https://www.vulncheck.com/advisories/nagios-log-server-non-admin-dashboard-deletion -~~	() https://www.vulncheck.com/advisories/nagios-log-server-non-admin-dashboard-deletion - Third Party Advisory
CPE		cpe:2.3:a:nagios:log_server:2024:r1.3.2:::::: cpe:2.3:a:nagios:log_server:2024:r1:::::: cpe:2.3:a:nagios:log_server:2024:r1.3.4:::::: cpe:2.3:a:nagios:log_server:2024:r1.0.2:::::: cpe:2.3:a:nagios:log_server:2024:r1.1:::::: cpe:2.3:a:nagios:log_server:2024:r1.3:::::: cpe:2.3:a:nagios:log_server:::::::: cpe:2.3:a:nagios:log_server:2024:r1.3.3:::::: cpe:2.3:a:nagios:log_server:2024:r1.2:::::: cpe:2.3:a:nagios:log_server:2024:r1.3.1:::::: cpe:2.3:a:nagios:log_server:2024:r1.0.1:::::: cpe:2.3:a:nagios:log_server:2024:r2.0.1:::::: cpe:2.3:a:nagios:log_server:2024:r2.0.2:::::: cpe:2.3:a:nagios:log_server:2024:r1.3.5:::::: cpe:2.3:a:nagios:log_server:2024:r2::::::

30 Oct 2025, 22:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-10-30 22:15

Updated : 2025-11-06 16:28

NVD link : CVE-2025-34273

Mitre link : CVE-2025-34273

CVE.ORG link : CVE-2025-34273

JSON object : View

Products Affected

nagios

log_server

CWE

CWE-863

Incorrect Authorization

6.5 /10