CVE-2025-34288 – Nagios XI – Local Privilege Escalation via Writable PHP Include
“A writable application file combined with a trusted sudo path created a direct route to root.”
A security update addresses CVE-2025-34288 in Nagios XI, a local privilege escalation vulnerability affecting the monitoring platform’s application environment. The issue occurs when a maintenance script that runs with elevated privileges loads a PHP include file that is writable by a lower-privileged application user. An attacker with access to the Nagios XI application account can modify that file and inject malicious code that executes when the privileged script runs.
Successful exploitation allows the attacker to execute commands with elevated permissions, potentially leading to full system compromise of the monitoring server. The CVSS score is 8.6, which is High severity.
The vendor released a security update that resolves the issue by correcting file ownership and permission handling so that lower-privileged users can no longer modify the included file used by the privileged maintenance process.
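The condition described above can be checked on a host with a short audit. This is an added example, not vendor code and not taken from the advisory: it extracts the literal include/require targets from a PHP script that runs with elevated privileges and reports any target, or its containing directory, that an untrusted account could modify. The function names are hypothetical, and resolving relative paths against the script's own directory is an assumption.

```python
import os
import re
import stat

# Literal-path include/require statements only; paths built from variables
# or function calls are skipped and need manual review (assumption).
INCLUDE_RE = re.compile(
    r"""\b(?:include|require)(?:_once)?\s*\(?\s*(['"])(.+?)\1""")

def literal_includes(php_source, script_dir):
    """Return normalized absolute paths of literal include/require targets."""
    paths = []
    for _, target in INCLUDE_RE.findall(php_source):
        if not os.path.isabs(target):
            target = os.path.join(script_dir, target)
        paths.append(os.path.normpath(target))
    return paths

def weak_permissions(path, trusted_uids=frozenset({0})):
    """Return the reasons `path` is modifiable by an untrusted account."""
    st = os.stat(path)
    reasons = []
    if st.st_uid not in trusted_uids:
        reasons.append(f"owned by uid {st.st_uid}")
    if st.st_mode & stat.S_IWGRP:
        reasons.append("group-writable")
    if st.st_mode & stat.S_IWOTH:
        reasons.append("world-writable")
    return reasons

def audit_privileged_script(script_path, trusted_uids=frozenset({0})):
    """Map each include target (and its directory) to its permission problems."""
    with open(script_path, encoding="utf-8", errors="replace") as fh:
        source = fh.read()
    script_dir = os.path.dirname(os.path.abspath(script_path))
    findings = {}
    for inc in literal_includes(source, script_dir):
        if not os.path.exists(inc):
            continue
        # A writable parent directory lets the include be replaced outright,
        # so it is checked alongside the file itself.
        for target in (inc, os.path.dirname(inc)):
            reasons = weak_permissions(target, trusted_uids)
            if reasons:
                findings[target] = reasons
    return findings
```

An empty result means no literal include of the audited script is writable outside the trusted owner set; only the immediate parent directory is checked, so higher ancestors still need a separate review.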
Key Details
- Affected Product: Nagios Nagios XI
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- CWE Classification: CWE-732