CVE-2018-25122 in Nagiosinfo

Zusammenfassung

von MITRE • 31.10.2025

Nagios XI versions prior to 5.4.13 contain a remote code execution vulnerability in the Component Download page. The download/import handler used unsafe command construction with attacker-controlled input and lacked sufficient validation and output encoding, allowing an authenticated user to inject commands or otherwise execute arbitrary code with the privileges of the application service.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Zuständig

VulnCheck

Reservieren

29.10.2025

Veröffentlichung

31.10.2025

Moderieren

akzeptiert

Eintrag

VDB-330632

CPE

bereit

CWE

CWE-78 (bestätigt)

CVSS

8.8 (VulDB)

EPSS

0.02055

KEV

nein

Aktivitäten

very low

Sektor

Transportation, Energy, ...

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2018-25122
NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-25122
CVE Details	https://www.cvedetails.com/cve/CVE-2018-25122/

◂ Zurück Übersicht Weiter ▸

Might our Artificial Intelligence support you?

Check our Alexa App!