Nagios XI<5.5.7 Priv Esc via MRTG Graphing Component
CVE-2018-25123 Published on October 30, 2025
Nagios XI < 5.5.7 Privilege Escalation via MRTG Graphing Component
Nagios XI versions prior to 5.5.7 contain a privilege escalation vulnerability in the MRTG graphing component. MRTG-related processes/scripts executed with excessive privileges, allowing a local attacker with limited system access to abuse file/command execution paths or writable resources to gain elevated privileges.
Weakness Type
Execution with Unnecessary Privileges
The software performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.
Products Associated with CVE-2018-25123
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2018-25123 are published in these products:
Affected Versions
Nagios XI:- Before 5.5.7 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.