Nagios XI before 2024R1.2 RCE via NRDP
CVE-2024-14003 Published on October 30, 2025
Nagios XI < 2024R1.2 RCE via NRDP Server Plugins
Nagios XI versions prior to 2024R1.2 are vulnerable to remote code execution (RCE) through its NRDP (Nagios Remote Data Processor) server plugins. Insufficient validation of inbound NRDP request parameters allows crafted input to reach command execution paths, enabling attackers to execute arbitrary commands on the underlying host in the context of the web/Nagios service.
Weakness Type
What is a Shell injection Vulnerability?
The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
CVE-2024-14003 has been classified as a Shell injection vulnerability or weakness.
Affected Versions
Nagios XI: Before 2024R1.2 is unknown.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.