CVE-2025-34271
CRITICALDescription
Nagios Log Server versions prior to 2024R2.0.2 contain a vulnerability in the cluster manager component when requesting sensitive credentials from peer nodes over an unencrypted channel even when SSL/TLS is enabled in the product configuration. As a result, an attacker positioned on the network path can intercept credentials in transit. Captured credentials could allow the attacker to authenticate as a cluster node or service account, enabling further unauthorized access, lateral movement, or system compromise.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| nagios | log_server |
| nagios | log_server |
| nagios | log_server |
| nagios | log_server |
| nagios | log_server |
| nagios | log_server |
| nagios | log_server |
| nagios | log_server |
| nagios | log_server |
| nagios | log_server |
| nagios | log_server |
| nagios | log_server |
| nagios | log_server |
| nagios | log_server |
References
Frequently Asked Questions
What is CVE-2025-34271? +
How severe is CVE-2025-34271? +
What products are affected by CVE-2025-34271? +
How do I check if I'm vulnerable to CVE-2025-34271? +
Related Vulnerabilities
This vulnerability exists in GX Earth ONT models due to the transmission of user credentials in plaintext over HTTP in …
STER uses unencrypted TCP traffic to transmit data over the network. It allows an attacker to conduct a Man-In-The-Middle attack …
This vulnerability exists in e-Sushrut due to exposure of OTPs in plaintext within API responses. A remote attacker could exploit …
A Credential Exposure Vulnerability exists in the above-mentioned product and version. The vulnerability is due to using HTTP resulting in …
This vulnerability exists in the Meon KYC solutions due to transmission of sensitive data in plain text within the response …
Cleartext Transmission of Sensitive Information vulnerability in Crestron Automate VX allows Sniffing Network Traffic. The device allows Web UI and …