CVE-2025-28131
First published: Tue Apr 01 2025(Updated: )
A Broken Access Control vulnerability in Nagios Network Analyzer 2024R1.0.3 allows low-privilege users with "Read-Only" access to perform administrative actions, including stopping system services and deleting critical resources. This flaw arises due to improper authorization enforcement, enabling unauthorized modifications that compromise system integrity and availability.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Nagios Network Analyzer |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-28131?
CVE-2025-28131 is classified as a critical vulnerability due to its potential to allow low-privilege users to perform administrative actions.
How do I fix CVE-2025-28131?
Fixing CVE-2025-28131 involves applying the latest updates from Nagios Network Analyzer to ensure proper access controls are enforced.
Who is affected by CVE-2025-28131?
CVE-2025-28131 affects users of Nagios Network Analyzer 2024R1.0.3, particularly those with 'Read-Only' access.
What actions can low-privilege users perform due to CVE-2025-28131?
Due to CVE-2025-28131, low-privilege users can stop system services and delete critical resources.
What causes CVE-2025-28131?
CVE-2025-28131 is caused by improper authorization enforcement within Nagios Network Analyzer.
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/first-publish-date
- agent/type
- agent/description
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- agent/author
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/event
- vendor/nagios
- canonical/nagios network analyzer