Nagios XI versions prior to 2024R1.1.4 contain a local... · CVE-2024-14002 · GitHub Advisory Database · GitHub

Nagios XI versions prior to 2024R1.1.4 contain a local...

High severity Unreviewed Published Oct 31, 2025 to the GitHub Advisory Database • Updated Oct 31, 2025

Package

No package listed— Suggest a package

Affected versions

Unknown

Patched versions

Unknown

Description

Nagios XI versions prior to 2024R1.1.4 contain a local file inclusion (LFI) vulnerability via its NagVis integration. An authenticated user can supply crafted path values that cause the server to include local files, potentially exposing sensitive information from the underlying host.

References

Published by the National Vulnerability Database

Oct 30, 2025

Published to the GitHub Advisory Database Oct 31, 2025

Last updated Oct 31, 2025

Severity

High

/ 10

CVSS v4 base metrics

Exploitability Metrics

Attack Vector Network

Attack Complexity Low

Attack Requirements None

Privileges Required Low

User interaction None

Vulnerable System Impact Metrics

Confidentiality High

Integrity None

Availability None

Subsequent System Impact Metrics

Confidentiality None

Integrity None

Availability None

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X