CVE-2025-34283
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-10-30
Last updated on: 2025-11-06
Assigner: VulnCheck
Description
Description
Nagios XI versions prior to 2024R1.4.2 revealed API keys to users who were not authorized for API access when using Neptune themes. An authenticated user without API privileges could view another user's or their own API key value.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nagios | nagios_xi | to 2024 (exc) |
| nagios | nagios_xi | 2024 |
| nagios | nagios_xi | 2024 |
| nagios | nagios_xi | 2024 |
| nagios | nagios_xi | 2024 |
| nagios | nagios_xi | 2024 |
| nagios | nagios_xi | 2024 |
| nagios | nagios_xi | 2024 |
| nagios | nagios_xi | 2024 |
| nagios | nagios_xi | 2024 |
| nagios | nagios_xi | 2024 |
| nagios | nagios_xi | 2024 |
| nagios | nagios_xi | 2024 |
| nagios | nagios_xi | 2024 |
| nagios | nagios_xi | 2024 |
| nagios | nagios_xi | 2024 |
| nagios | nagios_xi | 2024 |
| nagios | nagios_xi | 2024 |
| nagios | nagios_xi | 2024 |
| nagios | nagios_xi | 2024 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-497 | The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does. |
Attack-Flow Graph
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70