{"id":"CVE-2025-34323","details":"Nagios Log Server versions prior to 2026R1.0.1 are vulnerable to local privilege escalation due to a combination of sudo misconfiguration and group-writable application directories. The 'www-data' user is a member of the 'nagios' group, which has write access to '/usr/local/nagioslogserver/scripts', while several scripts in this directory are owned by root and may be executed via sudo without a password. A local attacker running as 'www-data' can move one of these root-owned scripts to a backup name and create a replacement script with attacker-controlled content at the original path, then invoke it with sudo. This allows arbitrary commands to be executed with root privileges, providing full compromise of the underlying operating system.","modified":"2026-03-15T22:52:11.219272Z","published":"2025-11-17T18:15:56.880Z","references":[{"type":"WEB","url":"https://theyhack.me/Rooting-Nagios-Log-Server/"},{"type":"ADVISORY","url":"https://www.nagios.com/changelog/nagios-log-server/nagios-log-server-2026r1-0-1/"},{"type":"ADVISORY","url":"https://www.nagios.com/products/security/#log-server"},{"type":"ADVISORY","url":"https://www.vulncheck.com/advisories/nagios-log-server-local-privilege-escalation-via-writable-scripts-and-sudo-rules"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"2026"}]},{"events":[{"introduced":"0"},{"last_affected":"2026-r1"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-34323.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}