CVE-2025-28132
CVSS 3.1 Score 4.6 of 10 (medium)
Details
Published Apr 1, 2025
CWE ID 613
Summary
CVE-2025-28132 is a session management vulnerability affecting Nagios Network Analyzer 2024R1.0.3. Because of insufficient session expiration, session tokens remain valid after a user logs out. An attacker who holds such a token can reuse it to gain unauthorized access, impersonate the user and act on the user's behalf, with potential account takeover.
Affected Products
- Nagios Network Analyzer
Affected Vendors
- Nagios Enterprises LLC