CVE Catalog

Actively exploited in the wild

Nagios XI OS Command Injection

Nagios — Nagios XI · Listed in the CISA KEV since 2022-01-18. This indicates confirmed attacks in production environments.

Required action: Apply updates per vendor instructions.

CVE-2021-25298

Severity: High · CVSS 8.8 · CISA KEV
Source: NVD (NIST)

Exploitation Probability (EPSS)

Score: 75.20% (very high risk)

99th percentile — higher than 99% of all known CVEs

Summary

Nagios XI version xi-5.7.5 is vulnerable to OS command injection due to improper input sanitization in the file cloud-vm.inc.php. An authenticated attacker can exploit this via a single HTTP request.

Risk Assessment

Successful exploitation allows arbitrary command execution on the Nagios XI server, leading to full system compromise and potential control over monitored infrastructure.

Recommendation

Upgrade Nagios XI to the latest patched version immediately and restrict administrative interface access to trusted users only.

Original NVD description (English source)

Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/cloud-vm/cloud-vm.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS