Nagios Log Server versions prior to 2024R2.0.3 contain an incorrect authorization vulnerability that allows non-administrator users to delete global dashboards. The application did not correctly enforce authorization checks for the global dashboard deletion workflow, enabling lower-privileged users to remove dashboards that affect other users or the overall monitoring UI.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

Vendors Products
Nagios
  • Log Server

Configuration 1 [-]

OR cpe:2.3:a:nagios:log_server:*:*:*:*:*:*:*:*
cpe:2.3:a:nagios:log_server:2024:r1:*:*:*:*:*:*
cpe:2.3:a:nagios:log_server:2024:r1.0.1:*:*:*:*:*:*
cpe:2.3:a:nagios:log_server:2024:r1.0.2:*:*:*:*:*:*
cpe:2.3:a:nagios:log_server:2024:r1.1:*:*:*:*:*:*
cpe:2.3:a:nagios:log_server:2024:r1.2:*:*:*:*:*:*
cpe:2.3:a:nagios:log_server:2024:r1.3:*:*:*:*:*:*
cpe:2.3:a:nagios:log_server:2024:r1.3.1:*:*:*:*:*:*
cpe:2.3:a:nagios:log_server:2024:r1.3.2:*:*:*:*:*:*
cpe:2.3:a:nagios:log_server:2024:r1.3.3:*:*:*:*:*:*
cpe:2.3:a:nagios:log_server:2024:r1.3.4:*:*:*:*:*:*
cpe:2.3:a:nagios:log_server:2024:r1.3.5:*:*:*:*:*:*
cpe:2.3:a:nagios:log_server:2024:r2:*:*:*:*:*:*
cpe:2.3:a:nagios:log_server:2024:r2.0.1:*:*:*:*:*:*
cpe:2.3:a:nagios:log_server:2024:r2.0.2:*:*:*:*:*:*

No data.

References
Link Providers
https://www.nagios.com/changelog/#log-server cve-icon cve-icon
https://www.nagios.com/products/security/#log-server-2024R2 cve-icon cve-icon
https://www.vulncheck.com/advisories/nagios-log-server-non-admin-dashboard-deletion cve-icon cve-icon
History

Thu, 06 Nov 2025 16:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:nagios:log_server:*:*:*:*:*:*:*:*
cpe:2.3:a:nagios:log_server:2024:r1.0.1:*:*:*:*:*:*
cpe:2.3:a:nagios:log_server:2024:r1.0.2:*:*:*:*:*:*
cpe:2.3:a:nagios:log_server:2024:r1.1:*:*:*:*:*:*
cpe:2.3:a:nagios:log_server:2024:r1.2:*:*:*:*:*:*
cpe:2.3:a:nagios:log_server:2024:r1.3.1:*:*:*:*:*:*
cpe:2.3:a:nagios:log_server:2024:r1.3.2:*:*:*:*:*:*
cpe:2.3:a:nagios:log_server:2024:r1.3.3:*:*:*:*:*:*
cpe:2.3:a:nagios:log_server:2024:r1.3.4:*:*:*:*:*:*
cpe:2.3:a:nagios:log_server:2024:r1.3.5:*:*:*:*:*:*
cpe:2.3:a:nagios:log_server:2024:r1.3:*:*:*:*:*:*
cpe:2.3:a:nagios:log_server:2024:r1:*:*:*:*:*:*
cpe:2.3:a:nagios:log_server:2024:r2.0.1:*:*:*:*:*:*
cpe:2.3:a:nagios:log_server:2024:r2.0.2:*:*:*:*:*:*
cpe:2.3:a:nagios:log_server:2024:r2:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N'}

Fri, 31 Oct 2025 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 31 Oct 2025 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Nagios
Nagios log Server
Vendors & Products Nagios
Nagios log Server

Thu, 30 Oct 2025 21:30:00 +0000

Type Values Removed Values Added
Description Nagios Log Server versions prior to 2024R2.0.3 contain an incorrect authorization vulnerability that allows non-administrator users to delete global dashboards. The application did not correctly enforce authorization checks for the global dashboard deletion workflow, enabling lower-privileged users to remove dashboards that affect other users or the overall monitoring UI.
Title Nagios Log Server < 2024R2.0.3 Non-Admin Dashboard Deletion
Weaknesses CWE-863
References
Metrics cvssV4_0

{'score': 7.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N'}
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published: 2025-10-30T21:24:43.451Z

Updated: 2025-10-31T17:24:00.208Z

Reserved: 2025-04-15T19:15:22.580Z

Link: CVE-2025-34273

cve-icon Vulnrichment

Updated: 2025-10-31T17:23:54.911Z

cve-icon NVD

Status : Analyzed

Published: 2025-10-30T22:15:47.953

Modified: 2025-11-06T16:28:38.233

Link: CVE-2025-34273

cve-icon Redhat

No data.