cvedb.io
CVE-2021-25297
HIGH · CVSS 8.8 ⚠ KEV — EXPLOITED
EPSS exploitation probability: 98%
⚠ Listed in the CISA Known Exploited Vulnerabilities catalog — actively exploited.
Published 2022-01-18 · Last modified 2026-07-06T12:40:07.047

Summary

Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/switch/switch.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server.

Affected products

Nagios — Nagios XI

Does this affect you?

Add your gear to cvedb and we'll alert you only when Nagios ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.