CVE-2025-28059
HIGHDescription
An access control vulnerability in Nagios Network Analyzer 2024R1.0.3 allows deleted users to retain access to system resources due to improper session invalidation and stale token handling. When an administrator deletes a user account, the backend fails to terminate active sessions and revoke associated API tokens, enabling unauthorized access to restricted functions.
Is your site exposed to CVE-2025-28059?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| nagios | network_analyzer |
References
Frequently Asked Questions
What is CVE-2025-28059? +
How severe is CVE-2025-28059? +
What products are affected by CVE-2025-28059? +
How do I check if I'm vulnerable to CVE-2025-28059? +
Related Vulnerabilities
The Data Sharing Framework (DSF) implements a distributed process engine based on the BPMN 2.0 and FHIR R4 standards. Prior …
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions prior to 26.0.0 suffer from an improper session …
PlaywrightCapture stored capture-specific configuration and runtime data as mutable class-level variables rather than instance-level variables. Consequently, multiple Capture objects running …
This vulnerability exists in Meon KYC solutions due to improper handling of access and refresh tokens in certain API endpoints …
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions starting from 4.0.1 and prior …
Web sessions in the web interface of Palo Alto Networks Prisma® Cloud Compute Edition do not expire when users are …