CVE-2025-34270
MEDIUM EPSS 43.0%
Published Oct 30, 20258mo ago · Modified Jun 17, 20261w ago
6.9 CVSS 4.0
Published Oct 30, 2025 8mo ago
Last Modified Jun 17, 2026 1w ago
Description
Nagios Log Server versions prior to 2024R2.0.2 contain a vulnerability in the AD/LDAP user import functionality as it fails to obfuscate the password field during import. As a result, the plaintext password supplied for imported accounts may be exposed in the user interface, logs, or other diagnostic output. This can leak sensitive credentials to administrators or anyone with access to import results.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Attack Vector Network
Attack Complexity Low
Privileges Required High
User Interaction None
Scope X
Threat Intelligence
EPSS Exploit Probability
43.0% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 2
CWE-312
CWE-522
Affected Products 14
| Vendor | Product | Version | Range |
|---|---|---|---|
| nagios | log_server | * | <2024 |
| nagios | log_server | 2024 | any |
| nagios | log_server | 2024 | any |
| nagios | log_server | 2024 | any |
| nagios | log_server | 2024 | any |
| nagios | log_server | 2024 | any |
| nagios | log_server | 2024 | any |
| nagios | log_server | 2024 | any |
| nagios | log_server | 2024 | any |
| nagios | log_server | 2024 | any |
| nagios | log_server | 2024 | any |
| nagios | log_server | 2024 | any |
| nagios | log_server | 2024 | any |
| nagios | log_server | 2024 | any |
References 4
- support.nagios.com https://support.nagios.com/kb/article/authenticating-and-importing-users-with-ad-and-ldap-995.html
- nagios.com https://www.nagios.com/changelog/#log-server
- nagios.com https://www.nagios.com/products/security/#log-server-2024R2
- vulncheck.com https://www.vulncheck.com/advisories/nagios-log-server-ad-ldap-import-password-not-obfuscated
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.