Nagios Log Server 2024R2.0.3: Default Dashboard Deletion Info Leakage
CVE-2025-34272 Published on October 30, 2025
Nagios Log Server < 2024R2.0.3 Non-Empty Default Dashboard Fallback
In Nagios Log Server versions prior to 2024R2.0.3, when a user's configured default dashboard is deleted, the application does not reliably fall back to an empty, default dashboard. In some implementations this can result in an unexpected dashboard being presented as the user's default view. Depending on the product's dashboard sharing and access policies, this behavior may cause information exposure or unexpected privilege exposure.
Weakness Type
What is an Information Disclosure Vulnerability?
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CVE-2025-34272 has been classified to as an Information Disclosure vulnerability or weakness.
Products Associated with CVE-2025-34272
Want to know whenever a new CVE is published for Nagios Log Server? stack.watch will email you.
Affected Versions
Nagios Log Server:- Before 2024R2.0.3 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.