CVE-2011-10035: 
Nagios XI vulnerability analysis and mitigation

Nagios XI versions prior to 2011R1.9 contain privilege escalation vulnerabilities in the scripts that install or update system crontab entries. The vulnerability was discovered and disclosed on October 30, 2025, and is tracked as CVE-2011-10035. The affected software is Nagios XI in versions prior to 2011R1.9 (VulnCheck Advisory, NVD).

The vulnerability is classified as a Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367). Due to time-of-check/time-of-use race conditions and missing synchronization or final-path validation in the crontab installation scripts, the vulnerability can be exploited locally. The CVSS v4.0 base score is 7.3 (HIGH) with the vector: CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N. The CVSS v3.1 base score is 7.0 (HIGH) with the vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD).

A successful exploitation of this vulnerability allows a local low-privileged user to manipulate filesystem state during crontab installation to influence the files or commands executed with elevated privileges, resulting in execution with higher privileges (VulnCheck Advisory).

Users should upgrade to Nagios XI version 2011R1.9 or later to address this vulnerability (Nagios Changelog).