CVE-2025-28132
First published: Tue Apr 01 2025(Updated: )
A session management flaw in Nagios Network Analyzer 2024R1.0.3 allows an attacker to reuse session tokens even after a user logs out, leading to unauthorized access and account takeover. This occurs due to insufficient session expiration, where session tokens remain valid beyond logout, allowing an attacker to impersonate users and perform actions on their behalf.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Nagios Network Analyzer |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-28132?
CVE-2025-28132 has been classified as a high severity vulnerability due to its potential for unauthorized access and account takeover.
How do I fix CVE-2025-28132?
To fix CVE-2025-28132, update Nagios Network Analyzer to the latest version where session expiration is properly implemented.
What impact does CVE-2025-28132 have on my system?
CVE-2025-28132 allows attackers to reuse session tokens, risking unauthorized access to user accounts even after logging out.
Which versions of Nagios Network Analyzer are affected by CVE-2025-28132?
CVE-2025-28132 affects Nagios Network Analyzer version 2024R1.0.3 and potentially earlier versions.
How does CVE-2025-28132 exploit session management flaws?
CVE-2025-28132 exploits insufficient session expiration, resulting in session tokens remaining valid after a user logs out.
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/first-publish-date
- agent/type
- agent/description
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- agent/source
- agent/author
- agent/tags
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/event
- vendor/nagios
- canonical/nagios network analyzer