N
agios Log Server versions prior to 2024R1.3.2 contain a privilege escalation vulnerability in the account email-change workflow. A user could set their own email to an invalid value and, due to insufficient validation and authorization checks tied to email identity state, trigger inconsistent account state that granted elevated privileges or bypassed intended access controls.
References
| Link | Resource |
|---|---|
| https://www.nagios.com/changelog/nagios-log-server-2024r1/ | Release Notes |
| https://www.vulncheck.com/advisories/nagios-log-server-set-email-privilege-escalation | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
06 Nov 2025, 16:27
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:nagios:log_server:2024:r1.0.2:*:*:*:*:*:* cpe:2.3:a:nagios:log_server:2024:r1.3.1:*:*:*:*:*:* cpe:2.3:a:nagios:log_server:2024:r1.2:*:*:*:*:*:* cpe:2.3:a:nagios:log_server:*:*:*:*:*:*:*:* cpe:2.3:a:nagios:log_server:2024:r1.3:*:*:*:*:*:* cpe:2.3:a:nagios:log_server:2024:r1:*:*:*:*:*:* cpe:2.3:a:nagios:log_server:2024:r1.0.1:*:*:*:*:*:* cpe:2.3:a:nagios:log_server:2024:r1.1:*:*:*:*:*:* |
|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
| References | () https://www.nagios.com/changelog/nagios-log-server-2024r1/ - Release Notes | |
| References | () https://www.vulncheck.com/advisories/nagios-log-server-set-email-privilege-escalation - Third Party Advisory | |
| First Time |
Nagios
Nagios log Server |
30 Oct 2025, 22:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-10-30 22:15
Updated : 2025-11-06 16:27
NVD link : CVE-2025-34298
Mitre link : CVE-2025-34298
CVE.ORG link : CVE-2025-34298
JSON object : View
Products Affected
CWE
CWE-281
Improper Preservation of Permissions