CVE-2025-28131
published 2025-04-01

Priority P421 medium 4.6 CVSS 3.1
AV:A AC:L PR:L UI:N S:U C:N I:L A:L
EPSS: 0.36% (27.6th percentile)
A Broken Access Control vulnerability in Nagios Network Analyzer 2024R1.0.3 allows low-privilege users with "Read-Only" access to perform administrative actions, including stopping system services and deleting critical resources. This flaw arises due to improper authorization enforcement, enabling unauthorized modifications that compromise system integrity and availability.

Affected

8 ranges
Vendor    Product                                                  Version range    Fixed in
msrc      azl3_gcc_13.2.0-7_on_azure_linux_3.0
msrc      azl3_golang_1.23.8-1_on_azure_linux_3.0
msrc      azl3_golang_1.23.9-1_on_azure_linux_3.0
msrc      azl3_golang_1.24.3-1_on_azure_linux_3.0
msrc      azl3_python-tensorboard_2.16.2-6_on_azure_linux_3.0
msrc      cbl2_golang_1.18.5-1_on_cbl_mariner_2.0
msrc      cm1_golang_1.18.5-1_on_cbl_mariner_1.0
nagios    network_analyzer

CVSS provenance

nvd            v3.1    4.6    MEDIUM    CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
vendor_msrc            7.5    HIGH