TROYANOSYVIRUS
Volver a CVEs

CVE-2025-28059

HIGH
7.5

Descripcion

An access control vulnerability in Nagios Network Analyzer 2024R1.0.3 allows deleted users to retain access to system resources due to improper session invalidation and stale token handling. When an administrator deletes a user account, the backend fails to terminate active sessions and revoke associated API tokens, enabling unauthorized access to restricted functions.

Detalles CVE

Puntuacion CVSS v3.17.5
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado4/18/2025
Ultima modificacion7/11/2025
Fuentenvd
Avistamientos honeypot0

Productos afectados

nagios:network_analyzer

Debilidades (CWE)

CWE-613

Referencias

https://github.com/aakashtyal/Residual-Data-Access-Post-User-Deletion-in-Nagios-Network-Analyzer-Version-2024R1(cve@mitre.org)
https://www.nagios.com/changelog/#network-analyze(cve@mitre.org)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.