← back
CVE-2021-25297

CVE-2021-25297

CVSS 8.8 HIGHEPSS 40.6%● KEVCWE-78
Vexday Risk Score
98Fix now
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
CVSS 8.8EPSS 40.6%KEV simPoC públicaNuclei simMetasploit simPatch
Lifecycle
13 Feb 2021Metasploit module available
15 Feb 2021Published on NVD
18 Jan 2022Active exploitation (CISA KEV)
Recommendation: Patch as soon as possible — active exploitation confirmed.
In short

Nagios XI version 5.7.5 has a flaw that allows authenticated users to run dangerous commands on the server by sending specially crafted requests. An attacker with login access can take control of the entire system.

Technical detail

OS command injection vulnerability in /usr/local/nagiosxi/html/includes/configwizards/switch/switch.inc.php due to insufficient input sanitization of authenticated user input. An authenticated attacker can inject arbitrary OS commands through a single HTTP request, achieving remote code execution with server privileges.

Summary generated and translated by AI from the official description.
Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/switch/switch.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
public PoCs found2
cve_referencepacketstormsecurity.com/files/161561/Nagios-XI-5.7.5-Remote-Code-Execution.htmlunverifiedcve_referencepacketstormsecurity.com/files/170924/Nagios-XI-5.7.5-Remote-Code-Execution.htmlunverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://nagios.comhttp://packetstormsecurity.com/files/161561/Nagios-XI-5.7.5-Remote-Code-Execution.htmlhttp://packetstormsecurity.com/files/170924/Nagios-XI-5.7.5-Remote-Code-Execution.htmlhttps://assets.nagios.com/downloads/nagiosxi/versions.phphttps://github.com/fs0c-sh/nagios-xi-5.7.5-bugs/blob/main/README.mdhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-25297https://www.fastly.com/blog/anatomy-of-a-command-injection-cve-2021-25296-7-8-with-metasploit-module-and