Nagios XI < 2024R2 Privilege Escalation via process_perfdata.pl

Advisories

severity: high
date: 10/30/2025
Affecting: XI < 2024R2
CVE: CVE-2025-34287
CWE: CWE-732 Incorrect Permission Assignment for Critical Resource
CVSS: 8.4
CVSS V4 Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
References: Nagios XI Security Disclosures
Nagios XI Changelog
Credit: M. Cory Billington of theyhack.me
Description: Nagios XI versions prior to 2024R2 contain an improperly owned script, process_perfdata.pl, which is executed periodically as the nagios user but owned by www-data. Because the file was writable by www-data, an attacker with web server privileges could modify its contents, leading to arbitrary code execution as the nagios user when the script is next run. This improper ownership and permission configuration enables local privilege escalation.

Ready to get Started?

Explore VulnCheck, a next-generation Cyber Threat Intelligence platform, which provides exploit and vulnerability intelligence to help you prioritize and remediate vulnerabilities that matter.

Vulnerability Prioritization
Prioritize vulnerabilities that matter based on the threat landscape and defer vulnerabilities that don't.
Early Warning System
Real-time alerting of changes in the vulnerability landscape so that you can take action before the attacks start.

Schedule a Demo