Critical flaws fixed in Nagios Log Server

The Nagios Security Team has fixed three critical vulnerabilities affecting the popular enterprise log management and analysis platform Nagios Log Server.

About the flaws

The vulnerabilities, discovered and reported by security researchers Seth Kraft and Alex Tisdale, include:

1. A stored XSS vulnerability (CVE-2025-29471) in the web interface of Nagios Log Server that allows a standard (low-privilege) user to inject a malicious JavaScript payload into their profile’s ‘email’ field to achieve privilege escalation. “When an administrator …
News URL
https://www.helpnetsecurity.com/2025/04/15/critical-flaws-fixed-in-nagios-log-server/
Related news
- New Critical AMI BMC Vulnerability Enables Remote Server Takeover and Bricking (source)
- Critical AMI MegaRAC bug can let attackers hijack, brick servers (source)
- Hackers Exploit Critical Craft CMS Flaws; Hundreds of Servers Likely Compromised (source)
- Critical Langflow RCE flaw exploited to hack AI app servers (source)
- Apache Parquet exploit tool detect servers vulnerable to critical flaw (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2025-04-15 | CVE-2025-29471 | Unspecified vulnerability in Nagios LOG Server 2024. Cross Site Scripting vulnerability in Nagios Log Server v.2024R1.3.1 allows a remote attacker to execute arbitrary code via a payload into the Email field. | 0.0 |