Nagios XI <2024R1.1.3 - Priv Esc via Migrate Server
CVE-2024-13997 Published on November 3, 2025
Nagios XI < 2024R1.1.3 Privilege Escalation via Migrate Server Feature to Root on Host
Nagios XI versions prior to 2024R1.1.3 contain a privilege escalation vulnerability in which an authenticated administrator could leverage the Migrate Server feature to obtain root privileges on the underlying XI host. By abusing the migration workflow, an admin-level attacker could execute actions outside the intended security scope of the application, resulting in full control of the operating system.
Weakness Type
Improper Privilege Management
The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Products Associated with CVE-2024-13997
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2024-13997 are published in these products:
Affected Versions
Nagios XI:- Before 2024R1.1.3 is unknown.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.