A centralized log monitoring and management solution that collects, processes, and analyzes log data from various sources across IT infrastructure. Nagios Log Server provides real-time log monitoring, alerting capabilities, and customizable dashboards for visualizing log data. It helps organizations track system performance, troubleshoot issues, and maintain compliance requirements through comprehensive log management.

Nagios Log Server

Nagios Log Server versions prior to 2024R2.0.2 contain a vulnerability in the AD/LDAP user import functionality as it fails to obfuscate the password field during import. As a result, the plaintext password supplied for imported accounts may be exposed in the user interface, logs, or other diagnostic output. This can leak sensitive credentials to administrators or anyone with access to import results.

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2025-34277	CRITICAL	9.4	Nagios Log Server	cpe:2.3:a:nagios:log_server	No	No	Oct 30, 2025
CVE-2025-34274	CRITICAL	9.3	Nagios Log Server	cpe:2.3:a:nagios:log_server	No	No	Oct 30, 2025
CVE-2025-34298	HIGH	8.7	Nagios Log Server	cpe:2.3:a:nagios:log_server	No	No	Oct 30, 2025
CVE-2025-34322	HIGH	8.6	Nagios Log Server	cpe:2.3:a:nagios:log_server	No	No	Nov 17, 2025
CVE-2025-34323	HIGH	8.5	Nagios Log Server	cpe:2.3:a:nagios:log_server	No	No	Nov 17, 2025

CVE-2025-34270:
Nagios Log Server vulnerability analysis and mitigation

6.9

Related Nagios Log Server vulnerabilities:

Benchmark your Cloud Security Posture

Additional Wiz resources

Cloud Vulnerability DB

Cloud Threat Landscape

PEACH

Ready to see Wiz in action?

CVE-2025-34270: Nagios Log Server vulnerability analysis and mitigation