Home

Description

Nagios XI versions prior to 2024R1.4.2 configure some systemd unit files with permission sets that were too permissive. In particular, the nagios.service unit had executable permissions that were not required. Overly permissive permissions on service unit files can broaden local attack surface by enabling unintended execution behaviors or facilitating abuse of service operations when combined with other weaknesses.

PUBLISHED Reserved 2025-04-15 | Published 2025-10-30 | Updated 2025-10-31 | Assigner VulnCheck




MEDIUM: 5.1CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-732 Incorrect Permission Assignment for Critical Resource

Product status

Default status
unaffected

Any version before 2024R1.4.2
unknown

References

www.nagios.com/products/security/ vendor-advisory patch

www.nagios.com/changelog/nagios-xi/ release-notes patch

www.vulncheck.com/...ssive-permissions-on-systemd-unit-files third-party-advisory

cve.org (CVE-2025-34135)

nvd.nist.gov (CVE-2025-34135)

Download JSON