← back
CVE-2025-34283

Nagios XI < 2024R1.4.2 API Key Disclosure via Neptune Themes

CVSS 7.1 HIGHEPSS 0.9%CWE-497
Nagios XI versions prior to 2024R1.4.2 revealed API keys to users who were not authorized for API access when using Neptune themes. An authenticated user without API privileges could view another user's or their own API key value.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Affected products
Nagios · XI

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.nagios.com/changelog/nagios-xi/https://www.nagios.com/products/security/#nagios-xihttps://www.vulncheck.com/advisories/nagios-xi-api-key-disclosure-via-neptune-themes