CVE Catalog

Actively exploited in the wild

Nagios XI OS Command Injection

Nagios — Nagios XI · Listed in the CISA KEV since 2022-01-18. This indicates confirmed attacks in production environments.

Required action: Apply updates per vendor instructions.

CVE-2021-25296

Severity: High · CVSS 8.8 · KEV

Exploitation Probability (EPSS)

Very high risk
71.74%

99th percentile — higher than 99% of all known CVEs

Summary

Nagios XI version xi-5.7.5 is vulnerable to OS command injection. The flaw is in the Windows WMI configuration wizard (windowswmi.inc.php), which passes authenticated user-controlled input from a single HTTP request into an operating-system command without proper sanitization.

Risk Assessment

An authenticated attacker can execute arbitrary commands on the Nagios XI server, leading to full system compromise and potential breach of data confidentiality, integrity, and availability.
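The bug class the summary and risk assessment describe, as an added illustration that is not Nagios XI's own code: a wizard form field concatenated into a shell string, beside a hardened version that validates and quotes each field, and a variant that avoids the shell entirely. The plugin path, option names and form field names (`ip_address`, `output_len`) are assumptions chosen for the example, not the real wizard's.

```php
<?php
declare(strict_types=1);

// Added example, not code from Nagios XI. The plugin path, option names and
// form field names are assumptions for illustration only.
const PLUGIN = '/usr/local/nagios/libexec/check_example';   // hypothetical plugin

// VULNERABLE pattern: form fields dropped straight into a shell string.
// A value such as "1024; id" or "$(id)" for output_len ends the intended
// argument and runs attacker-chosen commands under the web application's account.
function buildCommandVulnerable(array $form): string
{
    return PLUGIN . ' -H ' . $form['ip_address']
                 . ' --max-output ' . $form['output_len'];
}

// Allow-list validation: each field must match the shape it is supposed to have.
function validateWizardInput(array $form): array
{
    $host = (string) ($form['ip_address'] ?? '');
    $len  = (string) ($form['output_len'] ?? '');

    // Host: an IP literal, or a hostname made only of label characters.
    if (filter_var($host, FILTER_VALIDATE_IP) === false
        && !preg_match('/^[A-Za-z0-9][A-Za-z0-9.-]{0,252}$/', $host)) {
        throw new InvalidArgumentException('invalid host');
    }
    // Output length: a bounded positive integer and nothing else.
    $lenInt = filter_var($len, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 65536]]);
    if ($lenInt === false) {
        throw new InvalidArgumentException('invalid output length');
    }
    return ['host' => $host, 'len' => $lenInt];
}

// HARDENED: validated values, and every argument still shell-quoted
// (defense in depth in case a later change loosens the validation).
function buildCommandHardened(array $form): string
{
    $v = validateWizardInput($form);
    return PLUGIN . ' -H ' . escapeshellarg($v['host'])
                 . ' --max-output ' . escapeshellarg((string) $v['len']);
}

// BEST: do not involve a shell at all. On PHP >= 7.4, proc_open() accepts an
// argv array and executes the program directly, so shell metacharacters in an
// argument are just bytes of that argument.
function buildArgvHardened(array $form): array
{
    $v = validateWizardInput($form);
    return [PLUGIN, '-H', $v['host'], '--max-output', (string) $v['len']];
    // Usage: $proc = proc_open(buildArgvHardened($form), $descriptors, $pipes);
}

// Constructed sample submissions (not captured traffic).
$malicious = ['ip_address' => '10.0.0.5', 'output_len' => '1024; id'];
$benign    = ['ip_address' => '10.0.0.5', 'output_len' => '1024'];

echo "vulnerable builder, malicious input:\n  ",
     buildCommandVulnerable($malicious), "\n";

try {
    buildCommandHardened($malicious);
} catch (InvalidArgumentException $e) {
    echo "hardened builder, malicious input: rejected (", $e->getMessage(), ")\n";
}

echo "hardened builder, benign input:\n  ", buildCommandHardened($benign), "\n";
echo "argv form, benign input:\n  ", implode(' | ', buildArgvHardened($benign)), "\n";
```

Run with `php example.php`. The vulnerable builder emits a command line in which the injected `; id` has become a second shell command; the hardened builder throws on the same input because `1024; id` is not an integer, and for benign input produces a command whose arguments are individually single-quoted. The argv form is the one to prefer in new code: with no shell in the path, quoting mistakes cannot reintroduce the injection.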

Recommendation

Immediately upgrade Nagios XI to a version that includes the vendor's fix (the flaw is reported against xi-5.7.5). Because the vulnerability requires an authenticated user, also restrict network access to the Nagios XI web interface to trusted sources and limit the accounts permitted to use the configuration wizards.

Original NVD description (English source)

Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS