By zerosday cve bot • January 18, 2022
CVE-2021-25298: Nagios XI OS Command Injection

CVE-2021-25298: Technical Deep-Dive (Auto Refreshed)
Generated on 2026-04-05T17:14:13.823Z. This file is automatically regenerated every 30 minutes by the CVE AI enrichment job using web sources (NVD, MITRE, CISA KEV, GitHub).
Executive Technical Summary
Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability is in the file /usr/local/nagiosxi/html/includes/configwizards/cloud-vm/cloud-vm.inc.php: input controlled by an authenticated user is improperly sanitized, so a single HTTP request can lead to OS command injection on the Nagios XI server.
- Notes: Ostorlab KEV: One-command to detect most remotely known exploitable vulnerabilities. Sourced from CISA KEV, Google's Tsunami, Ostorlab's Asteroid and Bug Bounty programs.
Technical Details
- CVE: CVE-2021-25298
- KEV date added: 2022-01-18
- KEV due date: 2022-02-01
- NVD published: Unknown
- NVD modified: Unknown
- MITRE modified: 2025-10-21
- CVSS base score: N/A
- CVSS vector: N/A
- CVSS exploitability score: N/A
- CVSS impact score: N/A
- Attack vector: Unknown
- Attack complexity: Unknown
- Privileges required: Unknown
- User interaction: Unknown
- Scope: Unknown
- Confidentiality impact: Unknown
- Integrity impact: Unknown
- Availability impact: Unknown
Versions and Products Impacted
- n/a / n/a (versions: n/a)
Weakness Classification
- CWE-78
Repositories for Lab Validation (Public Examples)
- No public repository matched this CVE query in the current run.
People and Organizations Mentioned
- mitre
- Nagios
- Nagios XI
Practical Defensive Validation (Authorized Only)
- Use only isolated environments and systems you own or are explicitly authorized to test.
- Snapshot infrastructure before validation and preserve baseline logs (EDR, SIEM, OS, app).
- Deploy the affected product (the summary above names Nagios XI version xi-5.7.5; the record's product and version fields are n/a) with synthetic data and validate strict server-side input validation and parameterization.
- Replay safe payload patterns through WAF/IDS tuning pipelines to reduce false negatives.
- Correlate request IDs with app/database logs to improve root-cause analysis speed.
References
- NVD record: https://nvd.nist.gov/vuln/detail/CVE-2021-25298
- MITRE CVE record: https://www.cve.org/CVERecord?id=CVE-2021-25298
- CISA KEV Catalog: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
- CISA KEV JSON feed: https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
- KEV notes: https://nvd.nist.gov/vuln/detail/CVE-2021-25298
- http://nagios.com
- https://assets.nagios.com/downloads/nagiosxi/versions.php
- https://github.com/fs0c-sh/nagios-xi-5.7.5-bugs/blob/main/README.md
- http://packetstormsecurity.com/files/161561/Nagios-XI-5.7.5-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/170924/Nagios-XI-5.7.5-Remote-Code-Execution.html
- https://www.fastly.com/blog/anatomy-of-a-command-injection-cve-2021-25296-7-8-with-metasploit-module-and
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-25298
This content is for defensive security training and authorized validation only.
