Nagios XI versions prior to 2024R2 contain an improperly owned script, process_perfdata.pl, which is executed periodically as the nagios user but owned by www-data. Because the file was writable by www-data, an attacker with web server privileges could modify its contents, leading to arbitrary code execution as the nagios user when the script is next run. This improper ownership and permission configuration enables local privilege escalation.
PUBLISHED5.2CWE-732
Nagios XI < 2024R2 Privilege Escalation via process_perfdata.pl
Problem type
Affected products
Nagios
XI
< 2024R2 - AFFECTED
References
nagios.com
https://www.nagios.com/changelog/nagios-xi/
vulncheck.com
https://www.vulncheck.com/advisories/nagios-xi-privilege-escalation-via-improperly-owned-script
JSON source
Click to expand
{
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"cveMetadata": {
"cveId": "CVE-2025-34287",
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"dateUpdated": "2025-10-31T13:56:07.335Z",
"dateReserved": "2025-04-15T19:15:22.581Z",
"datePublished": "2025-10-30T21:39:43.482Z",
"state": "PUBLISHED"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck",
"dateUpdated": "2025-10-30T21:39:43.482Z"
},
"title": "Nagios XI < 2024R2 Privilege Escalation via process_perfdata.pl",
"descriptions": [
{
"lang": "en",
"value": "Nagios XI versions prior to 2024R2 contain an improperly owned script, process_perfdata.pl, which is executed periodically as the nagios user but owned by www-data. Because the file was writable by www-data, an attacker with web server privileges could modify its contents, leading to arbitrary code execution as the nagios user when the script is next run. This improper ownership and permission configuration enables local privilege escalation.",
"supportingMedia": [
{
"type": "text/html",
"base64": false,
"value": "Nagios XI versions prior to 2024R2 contain an improperly owned script, process_perfdata.pl, which is executed periodically as the nagios user but owned by www-data. Because the file was writable by www-data, an attacker with web server privileges could modify its contents, leading to arbitrary code execution as the nagios user when the script is next run. This improper ownership and permission configuration enables local privilege escalation.<br>"
}
]
}
],
"affected": [
{
"vendor": "Nagios",
"product": "XI",
"modules": [
"process_perfdata.pl"
],
"defaultStatus": "unaffected",
"versions": [
{
"version": "0",
"status": "affected",
"versionType": "custom",
"lessThan": "2024R2"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"lang": "en",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"cweId": "CWE-732",
"type": "CWE"
}
]
}
],
"references": [
{
"url": "https://www.nagios.com/changelog/nagios-xi/",
"tags": [
"release-notes",
"patch"
]
},
{
"url": "https://www.vulncheck.com/advisories/nagios-xi-privilege-escalation-via-improperly-owned-script",
"tags": [
"third-party-advisory"
]
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"solutions": [
{
"lang": "en",
"value": "Nagios addresses this vulnerability as \"Changed ownership on process_perfdata.pl to prevent permission escalation\"",
"supportingMedia": [
{
"type": "text/html",
"base64": false,
"value": "<span style=\"background-color: rgb(255, 255, 255);\">Nagios addresses this vulnerability as \"</span><span style=\"background-color: rgb(255, 255, 255);\">Changed ownership on process_perfdata.pl to prevent permission escalation\"</span><br>"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "M. Cory Billington of theyhack.me",
"type": "finder"
}
]
},
"adp": [
{
"providerMetadata": {
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP",
"dateUpdated": "2025-10-31T13:56:07.335Z"
},
"title": "CISA ADP Vulnrichment",
"metrics": [
{}
]
}
]
}
}