Home

Description

Nagios Fusion v2024R1.2 and v2024R2 does not invalidate already existing session tokens when the two-factor authentication mechanism is enabled, allowing attackers to perform a session hijacking attack.

PUBLISHED Reserved 2025-09-26 | Published 2025-10-27 | Updated 2025-10-27 | Assigner mitre

References

www.nagios.com/changelog/

github.com/aakashtyal/Session-Persistence-After-Enabling-2FA

github.com/...-Persistence-After-Enabling-2FA-CVE-2025-60425

cve.org (CVE-2025-60425)

nvd.nist.gov (CVE-2025-60425)

Download JSON