CVE-2025-44824
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-10-07
Last updated on: 2025-11-06
Assigner: MITRE
Description
Description
Nagios Log Server before 2024R1.3.2 allows authenticated users (with read-only API access) to stop the Elasticsearch service via a /nagioslogserver/index.php/api/system/stop?subsystem=elasticsearch call. The service stops even though "message": "Could not stop elasticsearch" is in the API response. This is GL:NLS#474.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nagios | log_server | to 2024 (exc) |
| nagios | log_server | 2024 |
| nagios | log_server | 2024 |
| nagios | log_server | 2024 |
| nagios | log_server | 2024 |
| nagios | log_server | 2024 |
| nagios | log_server | 2024 |
| nagios | log_server | 2024 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-863 | The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Nagios Log Server before version 2024R1.3.2 allows authenticated users with read-only API access to stop the Elasticsearch service by making a specific API call. Although the API response indicates failure to stop Elasticsearch, the service actually stops.
How can this vulnerability impact me? :
The vulnerability can impact you by allowing an authenticated user with limited access to disrupt the availability of the Elasticsearch service, potentially causing denial of service or interruption of logging and monitoring functions.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70