Nagios XI Privilege Escalation Vulnerability via Migrate Server Feature

Vulnerability

A privilege escalation vulnerability has been identified in Nagios XI versions prior to 2024R1.1.3. This vulnerability allows an authenticated administrator to use the Migrate Server feature to gain root privileges on the host running Nagios XI. By exploiting this migration workflow, an admin-level attacker could perform actions beyond the application's intended security boundaries, leading to full control over the operating system.

Impact

Exploitation of this vulnerability allows for unauthorized privilege escalation, giving an administrator root access on the server hosting Nagios XI.

Reproduction

To reproduce this vulnerability, an authenticated administrator can access the Migrate Server feature within Nagios XI. By manipulating the migration process, it is possible to escalate privileges to root on the underlying host.

Remediation

Users can upgrade to Nagios XI version 2024R1.1.3 or later to address this vulnerability.
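To check an inventory against the fixed release, the sketch below is an added example, not code from Nagios or from this advisory. It compares version strings numerically, since a plain string comparison mis-orders values such as 2024R1.10 and 2024R1.2. It assumes that purely numeric versions (for example 5.11.3) predate the year-based scheme; the hostnames and inventory are constructed.

```python
import re

FIXED = "2024R1.1.3"  # fixed release named in the advisory
_YEAR = re.compile(r"^(\d{4})R(\d+)((?:\.\d+)*)$", re.IGNORECASE)
_LEGACY = re.compile(r"^\d+(?:\.\d+)*$")

def version_key(version):
    """Turn a version such as 2024R1.1.3 into a tuple that sorts by release order."""
    v = version.strip()
    m = _YEAR.match(v)
    if m:
        parts = [int(m.group(1)), int(m.group(2))]
        parts += [int(p) for p in m.group(3).split(".") if p]
        kind = 1
    elif _LEGACY.match(v):
        # Assumption: purely numeric versions (e.g. 5.11.3) predate the year scheme
        parts = [int(p) for p in v.split(".")]
        kind = 0
    else:
        raise ValueError(f"unrecognised version string: {version!r}")
    parts += [0] * (6 - len(parts))  # pad so 2024R1 compares as 2024R1.0.0
    return (kind, *parts)

def needs_upgrade(version):
    """True when the version is prior to the fixed release."""
    return version_key(version) < version_key(FIXED)

def triage(inventory):
    """Map each host to 'upgrade', 'ok' or 'unknown' (unparseable version)."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = "upgrade" if needs_upgrade(version) else "ok"
        except ValueError:
            result[host] = "unknown"
    return result

# Constructed sample inventory (hostnames and versions are illustrative)
SAMPLE = {
    "xi-prod.example": "2024R1.1.2",
    "xi-dr.example": "2024R1.1.3",
    "xi-lab.example": "2024R1.10",
    "xi-old.example": "5.11.3",
    "xi-odd.example": "unknown-build",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {SAMPLE[host]} -> {status}")
```

Hosts reported as unknown need a manual check rather than being treated as patched.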

Added: Nov 3, 2025, 10:23 PM
Updated: Nov 3, 2025, 10:23 PM

Vulnerability Rating

Custom Algorithm

spread: 5.0
impact: 10.0
exploitability: 5.1
remediation: 7.7
relevance: 0.8
threat: 1.6
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.