CVE-2025-44824
published 2025-10-07CVE-2025-44824: Nagios Log Server before 2024R1.3.2 allows authenticated users (with read-only API access) to stop the Elasticsearch service via a…
PriorityP342medium6.5CVSS 3.1
AVNACLPRLUINSUCNINAH
EPSS
2.67%
83.9th percentile
Nagios Log Server before 2024R1.3.2 allows authenticated users (with read-only API access) to stop the Elasticsearch service via a /nagioslogserver/index.php/api/system/stop?subsystem=elasticsearch call. The service stops even though "message": "Could not stop elasticsearch" is in the API response. This is GL:NLS#474.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| nagios | log_server | < 2024R1.3.2 | 2024R1.3.2 |
| nagios | log_server | < 2024 | 2024 |
| nagios | log_server | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Suricata
ET WEB_SPECIFIC_APPS Nagios Log Server API Unauthorized Access to Elasticsearch Service (CVE-2025-44824)
suricata·2025-10-21·CVSS 8.5
CVE-2025-44824 [HIGH] ET WEB_SPECIFIC_APPS Nagios Log Server API Unauthorized Access to Elasticsearch Service (CVE-2025-44824)
ET WEB_SPECIFIC_APPS Nagios Log Server API Unauthorized Access to Elasticsearch Service (CVE-2025-44824)
Rule: alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Nagios Log Server API Unauthorized Access to Elasticsearch Service (CVE-2025-44824)"; flow:established,to_server; http.uri; content:"/nagioslogserver/index.php/api/system/stop|3f|"; fast_pattern; content:"subsystem|3d|elasticsearch"; reference:url,nvd.nist.gov/vuln/detail/CVE-2025-44824; reference:cve,2025-44824; classtype:web-application-attack; sid:2065282; rev:1; metadata:affected_product Nagios, attack_target Server, tls_state TLSDecrypt, created_at 2025_10_21, cve CVE_2025_44824, deployment Perimeter, deployment Internal, deployment SSLDecrypt, confidence High, signature_severity Major, tag Exploit, tag Descripti
No public exploits indexed.
2025-10-07
Published