CVE-2024-58273

7.8 HIGH
Published: October 30, 2025 Modified: November 06, 2025
View on NVD

Description

Nagios Log Server versions prior to 2024R1.0.2 contain a local privilege escalation vulnerability that allows an attacker who could execute commands as the Apache web user (or the backend shell user) to escalate to root on the host.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://www.nagios.com/changelog/#log-server-2024R1
Source: disclosure@vulncheck.com
Release Notes
https://www.nagios.com/products/security/#log-server
Source: disclosure@vulncheck.com
Release Notes
https://www.vulncheck.com/advisories/nagios-log-server-lpe-from-apache-backend-shell-user-to-root
Source: disclosure@vulncheck.com
Third Party Advisory

3 reference(s) from NVD

Quick Stats

CVSS v3 Score
7.8 / 10.0
EPSS (Exploit Probability)
0.0%
4th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-266

Affected Vendors

nagios

Related CVEs

CVE-2025-69261 N/A
CVE-2025-69257 6.7
CVE-2025-69210 N/A
CVE-2025-66823 N/A
CVE-2025-50343 N/A