[Vulnerability Alert] Nagios XI has high-risk security vulnerabilities (CVE-2025-34134, CVE-2025-34284, and CVE-2025-34286), please confirm and patch as soon as possible

• Subject: [Vulnerability Alert] Nagios XI has high-risk security vulnerabilities (CVE-2025-34134, CVE-2025-34284, and CVE-2025-34286), please confirm and patch as soon as possible

• Content:
  • Forwarded from National Information Security Information Sharing and Analysis Center NISAC-200-202511-00000041
  • Researchers have discovered Operating System Command Injection (OS Command Injection) vulnerabilities (CVE-2025-34134, CVE-2025-34284, and CVE-2025-34286) in Nagios XI. An unauthenticated remote attacker can inject arbitrary operating system commands and execute them on the server. This vulnerability has already been exploited by hackers, so please confirm and patch it as soon as possible.
• Affected Platforms:
  • CVE-2025-34134 affects Nagios XI versions prior to 2024R1.4.2
  • CVE-2025-34284 affects Nagios XI versions prior to 2024R2
  • CVE-2025-34286 affects Nagios XI versions prior to 2026R1
• Recommended Measures:
  • Update Nagios XI to version 2026R1 or later (inclusive)
• References:
  1. https://www.nagios.com/products/security/#nagios-xi
  2. https://www.cve.org/CVERecord?id=CVE-2025-34134
  3. https://www.cve.org/CVERecord?id=CVE-2025-34284
  4. https://www.cve.org/CVERecord?id=CVE-2025-34286

Computer and Communications Center
Network Systems Group