Source: Ministry of education information & communication security contingency platform
"" "" ""
| Publication Number | TACERT-ANA-2025110603112626 | Publication Time | 2025/11/06 15:34 |
| Incident Type | ANA-Vulnerability Alert | Discovery Time | 2025/11/06 15:34 |
| Impact Level | Medium | ||
| [Subject] 【Vulnerability Alert】High-risk security vulnerabilities (CVE-2025-34134、CVE-2025-34284、and CVE-2025-34286) have been identified in Nagios XI. Please verify and apply the necessary patches as soon as possible. |
|||
| [Content] Forwarded from the National Institute of Cyber Security NISAC-200-202511-00000041 Researchers have discovered operating system command injection (OS Command Injection) vulnerabilities (CVE-2025-34134、CVE-2025-34284、and CVE-2025-34286) in Nagios XI. Remote attackers without authentication can inject arbitrary operating system commands and execute them on the server. These vulnerabilities have been exploited by attackers; please verify and apply patches as soon as possible. Information Sharing Level: WHITE (Information content can be publicly disclosed) |
|||
|
[Affected Platform] CVE-2025-34284 vulnerability affects Nagios XI versions prior to 2024R2 (exclusive). CVE-2025-34286 vulnerability affects Nagios XI versions prior to 2026R1 (exclusive). |
|||
| [Recommended Actions] Update Nagios XI to version 2026R1 or later. |
|||
|
[Reference] 2. https://www.cve.org/CVERecord?id=CVE-2025-34134 3. https://www.cve.org/CVERecord?id=CVE-2025-34284 4. https://www.cve.org/CVERecord?id=CVE-2025-34286 |
|||