CVE-2025-34272
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-10-30
Last updated on: 2025-11-06
Assigner: VulnCheck
Description
Description
In Nagios Log Server versions prior to 2024R2.0.3, when a user's configured default dashboard is deleted, the application does not reliably fall back to an empty, default dashboard. In some implementations this can result in an unexpected dashboard being presented as the user's default view. Depending on the product's dashboard sharing and access policies, this behavior may cause information exposure or unexpected privilege exposure.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nagios | log_server | to 2024 (exc) |
| nagios | log_server | 2024 |
| nagios | log_server | 2024 |
| nagios | log_server | 2024 |
| nagios | log_server | 2024 |
| nagios | log_server | 2024 |
| nagios | log_server | 2024 |
| nagios | log_server | 2024 |
| nagios | log_server | 2024 |
| nagios | log_server | 2024 |
| nagios | log_server | 2024 |
| nagios | log_server | 2024 |
| nagios | log_server | 2024 |
| nagios | log_server | 2024 |
| nagios | log_server | 2024 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
Attack-Flow Graph
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70