CVE-2025-34227

UNKNOWN 0.0

Nagios XI < 2026R1 Configuration Wizard Authenticated Command Injection

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Nagios XI < 2026R1 is vulnerable to an authenticated command injection vulnerability within the MongoDB Database, MySQL Query, MySQL Server, Postgres Server, and Postgres Query wizards. It is possible to inject shell characters into arguments provided to the service and execute arbitrary system commands on the underlying host as the `nagios` user.

CWE	CWE-78
Vendor	nagios
Product	nagios xi
Published	Sep 25, 2025
Last Updated	Feb 26, 2026

Stay Ahead of the Next One

Get instant alerts for nagios nagios xi

Be the first to know when new unknown vulnerabilities affecting nagios nagios xi are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Nagios / Nagios XI

* < 2026R1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

nagios.com: https://www.nagios.com/changelog/ nagios.com: https://www.nagios.com/products/security/ vulncheck.com: https://www.vulncheck.com/advisories/nagios-xi-config-wizard-auth-command-injection theyhack.me: https://theyhack.me/CVE-2025-34227-Nagios-XI-Wizard-Command-Injection/

Credits

M. Cory Billington of theyhack.me