CVE-2025-34283

📊 7.1 HIGH⚡ 0.4%🎯 0 exploits

📅 Published Oct 30, 2025

📋 Status: Received

Nagios XI versions prior to 2024R1.4.2 revealed API keys to users who were not authorized for API access when using Neptune themes. An authenticated user without API privileges could view another user's or their own API key value.

Metrics

7.1 HIGHCVSS v4.0[email protected]

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

🔍 Technical Details

Analysis Status

Received

CVSS Details

7.1 (HIGH)v4.0

Source: [email protected]

EPSS Details

0.4% (Minimal)59.5th percentile

Last updated: Oct 31, 2025

Exploitation probability within 30 days

Published Date

Oct 30, 2025 (2 days ago)

Last Modified

Oct 30, 2025 (2 days ago)

Security Weaknesses1

CWE-497

References4

NVDadvisorygeneral+1