Nagios Log Server <2024R1.3.2 Priv Esc via Email-Change Workflows
CVE-2025-34298 Published on October 30, 2025
Nagios Log Server < 2024R1.3.2 Set Email Privilege Escalation
Nagios Log Server versions prior to 2024R1.3.2 contain a privilege escalation vulnerability in the account email-change workflow. A user could set their own email to an invalid value and, due to insufficient validation and authorization checks tied to email identity state, trigger inconsistent account state that granted elevated privileges or bypassed intended access controls.
Weakness Type
Improper Preservation of Permissions
The software does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.
Products Associated with CVE-2025-34298
Want to know whenever a new CVE is published for Nagios Log Server? stack.watch will email you.
Affected Versions
Nagios Log Server:- Before 2024R1.3.2 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.