Detections
Analytics
CVE-2025-34283
high
Description
Nagios XI versions prior to 2024R1.4.2 revealed API keys to users who were not authorized for API access when using Neptune themes. An authenticated user without API privileges could view another user's or their own API key value.
References
Details
Published: 2025-10-30
Updated: 2025-11-06
Risk Information
CVSS v2
Base Score: 6.8
Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:N/A:N
Severity: Medium
CVSS v3
Base Score: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Severity: Medium
CVSS v4
Base Score: 7.1
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Severity: High
EPSS
EPSS: 0.00391