Home

Description

Nagios XI versions prior to 2024R1.4.2 revealed API keys to users who were not authorized for API access when using Neptune themes. An authenticated user without API privileges could view another user's or their own API key value.

PUBLISHED Reserved 2025-04-15 | Published 2025-10-30 | Updated 2025-10-31 | Assigner VulnCheck




HIGH: 7.1CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere

Product status

Default status
unaffected

Any version before 2024R1.4.2
unknown

References

www.nagios.com/products/security/ vendor-advisory patch

www.nagios.com/changelog/nagios-xi/ release-notes patch

www.vulncheck.com/...i-api-key-disclosure-via-neptune-themes third-party-advisory

cve.org (CVE-2025-34283)

nvd.nist.gov (CVE-2025-34283)

Download JSON