Actively exploited in the wild
Nagios XI OS Command Injection
Nagios — Nagios XI · Listed in the CISA KEV since 2022-01-18. This indicates confirmed attacks in production environments.
Required action: Apply updates per vendor instructions.
CVE-2021-25296
Severity: High (CVSS 8.8) · KEV
Exploitation Probability (EPSS): Very high risk, 99th percentile (higher than 99% of all known CVEs)
Summary
A vulnerability in Nagios XI version xi-5.7.5 allows OS command injection. The issue is in the windowswmi.inc.php file due to improper sanitization of authenticated user input.
Risk Assessment
An authenticated attacker can execute arbitrary commands on the Nagios XI server, leading to full system compromise and potential breach of data confidentiality, integrity, and availability.
Recommendation
Immediately upgrade Nagios XI to the latest version that includes a fix for this vulnerability. Additionally, restrict access to the administrative interface to trusted users only.
Original NVD description (English source)
Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server.