CVE-2021-25296
CVE-2021-25296
Vexday Risk Score
100Fix now
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS 8.8EPSS 71.5%KEV simPoC públicaNuclei simMetasploit simPatch —
Lifecycle
13 Feb 2021Metasploit module available
15 Feb 2021Published on NVD
18 Jan 2022Active exploitation (CISA KEV)
Weaponization speed
337 daysto active exploitation (KEV)
Recommendation: Patch as soon as possible — active exploitation confirmed.
In short
Nagios XI version 5.7.5 allows authenticated users to inject operating system commands through unsanitized input in the Windows WMI configuration wizard, potentially taking over the server.
Technical detail
OS command injection vulnerability in /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php affecting Nagios XI 5.7.5. Attack requires authentication; attacker can execute arbitrary OS commands via malformed HTTP request with unsanitized parameters in the Windows WMI wizard, achieving remote code execution on the server.
Summary generated and translated by AI from the official description.
Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/apublic PoCs found — 2
cve_referencepacketstormsecurity.com/files/161561/Nagios-XI-5.7.5-Remote-Code-Execution.htmlunverifiedcve_referencepacketstormsecurity.com/files/170924/Nagios-XI-5.7.5-Remote-Code-Execution.htmlunverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://packetstormsecurity.com/files/161561/Nagios-XI-5.7.5-Remote-Code-Execution.htmlhttp://packetstormsecurity.com/files/170924/Nagios-XI-5.7.5-Remote-Code-Execution.htmlhttps://assets.nagios.com/downloads/nagiosxi/versions.phphttps://github.com/fs0c-sh/nagios-xi-5.7.5-bugs/blob/main/README.mdhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-25296https://www.fastly.com/blog/anatomy-of-a-command-injection-cve-2021-25296-7-8-with-metasploit-module-and