CVE-2025-34278 MEDIUM

CVE-2025-34278: Nagios Network Analyzer < 2024R1 Source Groups / Percentile Calculator Menu Stored XSS

Vendor Nagios

Product Network Analyzer

Weakness CWE-79 · XSS

Published October 30, 2025

Last update November 17, 2025

View on NVD All CVEs

CVSS base score

5.1/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

What the vulnerability does

01Description

Nagios Network Analyzer versions prior to 2024R1 contain a stored cross-site scripting (XSS) vulnerability in the Source Groups page (percentile calculator menu). An attacker can supply a malicious payload which is stored by the application and later rendered in the context of other users. When a victim views the affected page the injected script executes in the victim's browser context.

Key dates

02Disclosure timeline

October 30, 2025 CVE published

November 17, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-34278 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

CVE-2025-34278: Nagios Network Analyzer < 2024R1 Source Groups / Percentile Calculator Menu Stored XSS

01Description

02Disclosure timeline

03References

04Related CVE