CVE Catalog

Actively exploited in the wild

Nagios XI OS Command Injection

Vendor: Nagios · Product: Nagios XI · Listed in the CISA Known Exploited Vulnerabilities (KEV) catalog since 2022-01-18. A KEV listing means CISA has reliable evidence that the vulnerability is being actively exploited against real systems.

Required action: Apply updates per vendor instructions.

CVE-2021-25297

Severity: High · CVSS 8.8 · KEV

Exploitation Probability (EPSS)

Very high risk: 42.94% (EPSS estimate of the probability of exploitation activity in the next 30 days)

99th percentile, higher than 99% of all scored CVEs

Summary

Nagios XI version xi-5.7.5 is vulnerable to OS command injection. The flaw is in the Switch configuration wizard (switch.inc.php): input supplied by an authenticated user is passed into an operating-system command without proper sanitization, so a single crafted HTTP request can run arbitrary commands on the Nagios XI server.

Risk Assessment

An attacker with a valid Nagios XI account can execute arbitrary system commands on the Nagios XI server. That leads to full compromise of the host and, because the monitoring server is trusted by and connected to the systems it monitors, potential control over the monitored infrastructure. The authentication requirement is a weak barrier wherever accounts are shared, weakly protected, or exposed to phishing.

Recommendation

Immediately upgrade Nagios XI to a version that includes the vendor's fix for this vulnerability. Until then, restrict network access to the Nagios XI web interface to trusted sources, limit administrative and wizard access to the accounts that need it, enforce strong authentication on those accounts, and review access logs for unexpected requests to the configuration wizards.

Original NVD description (English source)

Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/switch/switch.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server.
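The following PHP is an added illustration of the vulnerability class described above, not Nagios's own code: the actual contents of switch.inc.php are not reproduced here, and the parameter name (address), the command being run (ping), and the function names are assumptions. It places the unsafe pattern (a request value concatenated into a shell command) beside a hardened version that validates the value against an allowlist and quotes it with escapeshellarg().

```php
<?php
// Added illustration of OS command injection, not Nagios XI's own code.
// The parameter name "address", the ping command and the function names
// are assumptions chosen for the example.

// Vulnerable pattern: user-controlled input concatenated into a shell command.
// A constructed value such as "127.0.0.1; id" makes the shell run "id" as a
// second command on the server.
function ping_host_vulnerable(string $address): string
{
    return (string) shell_exec("ping -c 1 " . $address . " 2>&1");
}

// Hardened pattern: allowlist the input first, then quote it for the shell.
function ping_host_hardened(string $address): string
{
    // Accept only IPv4/IPv6 literals or RFC 1123-style hostnames; reject the rest.
    $hostnameRe = '/^(?=.{1,253}$)[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?'
                . '(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$/';
    if (filter_var($address, FILTER_VALIDATE_IP) === false
        && !preg_match($hostnameRe, $address)) {
        throw new InvalidArgumentException('invalid host: ' . $address);
    }
    // escapeshellarg() wraps the value in single quotes and escapes embedded
    // quotes, so shell metacharacters are passed as data, not parsed by the shell.
    $cmd = 'ping -c 1 ' . escapeshellarg($address) . ' 2>&1';
    return (string) shell_exec($cmd);
}

// Demonstration on constructed inputs (no command is executed for the rejected one).
$inputs = ['127.0.0.1', 'monitor01.example.org', '127.0.0.1; id', '$(id)'];
foreach ($inputs as $input) {
    try {
        ping_host_hardened($input);
        echo "accepted: {$input}" . PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo "rejected: {$input}" . PHP_EOL;
    }
}
```

The allowlist is the real defence; escapeshellarg() is a second layer in case a later change loosens the validation. Where possible, avoid the shell entirely and invoke the program with an argument array (for example through proc_open() with an array command, which bypasses the shell in PHP 7.4 and later). None of this replaces the vendor patch for the affected Nagios XI release.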

Vulnerability data from NVD (NIST) · CISA KEV · EPSS