What is CVE-2025-34227?

CVE-2025-34227 is a vulnerability in Nagios Xi, classified under OS Command Injection. Published 2025-09-25.

Is CVE-2025-34227 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

RCE in Nagios Xi

CVE-2025-34227

Nagios XI < 2026R1 is vulnerable to an authenticated command injection vulnerability within the MongoDB Database, MySQL Query, MySQL Server, Postgres Server, and Postgres Query wizards. It is possible to inject shell characters into argume…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.046 (89.5th percentile) — read the EPSS interpretation.

Affected products

Nagios Xi — versions 0

Weakness classification (CWE)

CWE-78 — OS Command Injection

Public proof-of-concept exploits

References

www.nagios.com/changelog/ (vendor-advisory, patch)
www.nagios.com/products/security/ (vendor-advisory, patch)
www.vulncheck.com/advisories/nagios-xi-config-wizard-auth-command-injection (third-party-advisory)
theyhack.me/CVE-2025-34227-Nagios-XI-Wizard-Command-Injection/ (technical-description, exploit)

Frequently asked questions

What is CVE-2025-34227?: CVE-2025-34227 is a vulnerability in Nagios Xi, classified under OS Command Injection. Published 2025-09-25.
Is CVE-2025-34227 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.