CVE-2025-67254
Directory Traversal in NagiosXI /admin/coreconfigsnapshots.php
Publication date: 2025-12-29
Last updated on: 2025-12-29
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nagios | xi | 2026r1.0.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Directory Traversal issue in NagiosXI 2026R1.0.1 build 1762361101, specifically in the /admin/coreconfigsnapshots.php component. It allows an attacker to access files and directories outside the intended directory, potentially exposing sensitive information.
How can this vulnerability impact me? :
The Directory Traversal vulnerability can allow attackers to read arbitrary files on the server, which may lead to exposure of sensitive data, configuration files, or credentials, potentially compromising the security of the affected system.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for suspicious HTTP GET requests targeting the vulnerable endpoint `/nagiosxi/admin/coreconfigsnapshots.php` with the `currentdiff` parameter containing directory traversal patterns such as `../../../../../../../../etc/hosts`. For example, you can use network traffic inspection tools like tcpdump or Wireshark to filter HTTP requests to this path. Additionally, you can use curl or wget commands to test the vulnerability manually, e.g., `curl -i "http://<nagiosxi-server>/nagiosxi/admin/coreconfigsnapshots.php?currentdiff=../../../../../../../../etc/hosts&archive=0"` to see if sensitive files are exposed. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the vulnerable endpoint `/admin/coreconfigsnapshots.php` by implementing proper access controls, such as IP whitelisting or authentication enforcement. Additionally, monitor and block suspicious requests containing directory traversal patterns in the `currentdiff` parameter. Applying any available patches or updates from Nagios XI for version 2026R1.0.1 is recommended once released. As a temporary measure, consider disabling or restricting the affected functionality if possible. [1]