
Cloud Vulnerability DB
A community-led vulnerabilities database
A local privilege escalation vulnerability (CVE-2025-34287) was discovered in Nagios XI versions prior to 2024R2. The vulnerability stems from an improperly owned script, process_perfdata.pl, which is executed periodically as the nagios user but owned by www-data. The vulnerability was discovered by M. Cory Billington and disclosed on October 30, 2025 (VulnCheck Advisory).
The vulnerability is caused by incorrect permission assignment for a critical resource (CWE-732). The process_perfdata.pl script, which runs with nagios user privileges, was writable by the www-data user. The vulnerability has a CVSS v4.0 base score of 8.4 (HIGH) with the vector string CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N, indicating local access requirements with low attack complexity (VulnCheck Advisory).
An attacker with web server privileges (www-data) could modify the contents of process_perfdata.pl, leading to arbitrary code execution with nagios user privileges when the script is next executed. This allows for local privilege escalation from www-data to nagios user permissions (VulnCheck Advisory).
The vulnerability was fixed in Nagios XI version 2024R2 by changing the ownership of process_perfdata.pl to prevent permission escalation. Users should upgrade to version 2024R2 or later to address this security issue (Nagios Changelog).
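A defender-side check for the condition described above, as an added example that is not part of the advisory or of Nagios XI: it flags a script that is owned by, or writable by, an account other than the one that executes it. The path to process_perfdata.pl is not given on this page, so it is passed as an argument; the function names are illustrative and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example: flag a scheduled script that an account other than the
# one executing it could rewrite (CWE-732). Names here are illustrative.

# classify OWNER MODE RUN_AS
# MODE is the octal string printed by stat (755, 0775, 4755, ...).
# Prints OK or RISK: <reasons>; returns 0 when safe, 1 when risky.
classify() {
    owner=$1 mode=$2 run_as=$3
    # Left-pad, then keep the last three digits: user, group, other.
    perms=$(printf '000%s' "$mode" | tail -c 3)
    grp=$(printf '%s' "$perms" | cut -c2)
    oth=$(printf '%s' "$perms" | cut -c3)
    why=
    # An owner other than root or the executing account can edit the file.
    if [ "$owner" != root ] && [ "$owner" != "$run_as" ]; then
        why="$why owner=$owner"
    fi
    # The write bit has value 2, so digits 2, 3, 6 and 7 carry it.
    case $grp in 2|3|6|7) why="$why group-writable" ;; esac
    case $oth in 2|3|6|7) why="$why world-writable" ;; esac
    if [ -n "$why" ]; then echo "RISK:$why"; return 1; fi
    echo OK
}

# audit_script PATH RUN_AS
# Checks the file and its directory (a writable directory generally lets
# the file be replaced). Assumes GNU stat; returns 2 if PATH is missing.
audit_script() {
    [ -e "$1" ] || { echo "MISSING: $1"; return 2; }
    rc=0
    for p in "$1" "$(dirname "$1")"; do
        printf '%s: ' "$p"
        # shellcheck disable=SC2046  # split "owner mode" into two arguments
        classify $(stat -c '%U %a' "$p") "$2" || rc=1
    done
    return $rc
}

# Constructed values mirroring the advisory: owned by www-data, run by nagios.
classify www-data 755 nagios || :
# Live use: sh audit.sh /path/to/process_perfdata.pl nagios
if [ $# -eq 2 ]; then audit_script "$1" "$2"; fi
```

A non-zero exit from `audit_script` makes the check usable in a cron job or configuration-management run to catch the ownership regressing after an upgrade or restore.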
Source: This report was generated using AI