Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2025-54957
CVE-2025-54957:
vulnerability analysis and mitigation
Overview
CVE-2024-54957 affects Nagios XI version 2024R1.2.2, involving an open redirect vulnerability on the Tools page that can be exploited by users with read-only permissions. The vulnerability was discovered and disclosed to MITRE on February 27, 2025, and received initial analysis from NIST on July 7, 2025 (NVD).
Technical details
The vulnerability is classified as an open redirect flaw (CWE-601) that allows attackers to craft malicious links redirecting users to arbitrary external URLs without their consent. The CVSS v3.1 base score is 6.1 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N, as assessed by CISA-ADP (NVD).
Impact
When exploited, this vulnerability enables attackers to redirect users to malicious external websites without their knowledge or consent. The impact is particularly concerning as it affects users with read-only permissions, potentially exposing them to phishing attacks or other malicious content (NVD).
Mitigation and workarounds
Nagios has released security advisories and patches for this vulnerability. Users are advised to update to the latest version of Nagios XI beyond 2024R1.2.2 (Nagios Security).
Additional resources
Source: This report was generated using AI
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management