Actively exploited in the wild
Nagios XI OS Command Injection
Nagios — Nagios XI · Listed in the CISA KEV since 2022-01-18. This indicates confirmed attacks in production environments.
Required action: Apply updates per vendor instructions.
CVE-2021-25298
Severity: High (CVSS 8.8) · KEV-listed
Exploitation Probability (EPSS): Very high risk, 99th percentile (higher than 99% of all known CVEs)
Summary
Nagios XI version xi-5.7.5 is vulnerable to OS command injection due to improper input sanitization in the file cloud-vm.inc.php. An authenticated attacker can exploit this via a single HTTP request.
Risk Assessment
Successful exploitation allows arbitrary command execution on the Nagios XI server, leading to full system compromise and potential control over monitored infrastructure.
Recommendation
Upgrade Nagios XI to the latest patched version immediately and restrict administrative interface access to trusted users only.
Original NVD description (English source)
Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/cloud-vm/cloud-vm.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server.

