CVE-2025-56432
MediumCVSS 6.1Exploitation Probability (EPSS)
Elevated risk53th percentile - higher than 53% of all known CVEs
Summary
A cross-site scripting (XSS) vulnerability exists in Nagios XI 2024R2. The vulnerability allows remote attackers to execute arbitrary JavaScript in the context of a logged-in user's session via a specially crafted URL. The issue resides in a web component responsible for rendering performance-related data.
Risk Assessment
An attacker could hijack an administrator session, steal credentials, or modify monitoring configuration, leading to confidentiality and integrity breaches.
Recommendation
Immediately upgrade Nagios XI to the latest patched version. Until then, restrict web interface access to trusted IP addresses only.
Original NVD description (English source)
A cross-site scripting (XSS) vulnerability exists in Nagios XI 2024R2. The vulnerability allows remote attackers to execute arbitrary JavaScript in the context of a logged-in user's session via a specially crafted URL. The issue resides in a web component responsible for rendering performance-related data.

