Nagios Log Server < 2024R1.3.2: Authenticated Admin API Key Retrieval via get_users API
CVE-2025-44823 Published on October 7, 2025
Nagios Log Server before 2024R1.3.2 allows authenticated users to retrieve cleartext administrative API keys via a /nagioslogserver/index.php/api/system/get_users call. This is GL:NLS#475.
Weakness Type
Exposure of Sensitive System Information to an Unauthorized Control Sphere
The application does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the application does.
Products Associated with CVE-2025-44823
Affected Versions
Nagios Log Server: versions before 2024R1.3.2 are affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.