Session Token Reuse in Nagios Network Analyzer 2024R1.0.3
CVE-2025-28132 Published on April 1, 2025

A session management flaw in Nagios Network Analyzer 2024R1.0.3 allows an attacker to reuse session tokens even after a user logs out, leading to unauthorized access and account takeover. This occurs due to insufficient session expiration, where session tokens remain valid beyond logout, allowing an attacker to impersonate users and perform actions on their behalf.

NVD

Vulnerability Analysis

Attack Vector:
ADJACENT_NETWORK
Attack Complexity:
LOW
Privileges Required:
LOW
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
LOW
Integrity Impact:
LOW
Availability Impact:
NONE

Weakness Type

Insufficient Session Expiration

According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."


Products Associated with CVE-2025-28132

stack.watch emails you whenever new vulnerabilities are published in Nagios Network Analyzer or Nagios Network Analyzer. Just hit a watch button to start following.

Nagios Network Analyzer
 
Nagios Network Analyzer
 

Exploit Probability

EPSS
0.15%
Percentile
35.62%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.