Vulnerability in Nagios Nagios_xi

CVE-2024-13995

Nagios XI versions prior to 2024R1.1.2 (confirmed in 2024R1.1 and 2024R1.1.1) may disclose sensitive user account information, including API keys and hashed passwords, to authenticated users who should not have access to that data. Exposur…

EPSS: 0.012 (64.0th percentile).

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Frequently asked questions

What is CVE-2024-13995?
CVE-2024-13995 is a high-severity vulnerability in Nagios Nagios_xi, classified under Exposure of Sensitive System Information to an Unauthorized Control Sphere. CVSS score: 8.8/10. Published 2025-10-30.
How severe is CVE-2024-13995?
High severity. CVSS v3 base score is 8.8 out of 10.