CVE-2024-14009 CRITICAL

CVE-2024-14009: Nagios XI < 2024R1.0.1 Privilege Escalation via System Profile

Weakness CWE-269

Published October 30, 2025

Last update November 17, 2025

View on NVD All CVEs

CVSS base score

9.4/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

What the vulnerability does

01Description

Nagios XI versions prior to 2024R1.0.1 contain a privilege escalation vulnerability in the System Profile component. The System Profile feature is an administrative diagnostic/configuration capability. Due to improper access controls and unsafe handling of exported/imported profile data and operations, an authenticated administrator could exploit this vulnerability to execute actions on the underlying XI host outside the application's security scope. Successful exploitation may allow an administrator to obtain root privileges on the XI server.

Key dates

02Disclosure timeline

October 30, 2025 CVE published

November 17, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-14009 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/269.html

Related vulnerabilities

CVE-2024-14009: Nagios XI < 2024R1.0.1 Privilege Escalation via System Profile

01Description

02Disclosure timeline

03References

04Related CVE