exploitDog

CVE-2025-60424

Опубликовано: 27 окт. 2025

Источник: nvd

CVSS3: 7.6

EPSS Низкий

Описание

A lack of rate limiting in the OTP verification component of Nagios Fusion v2024R1.2 and v2024R2 allows attackers to bypass authentication via a bruteforce attack.

Ссылки

https://github.com/aakashtyal/2FA-Bypass-using-a-Brute-Force-Attack
Mitigation
Third Party Advisory
https://github.com/aakashtyal/2FA-Bypass-using-a-Brute-Force-Attack-CVE-2025-60424
Mitigation
Third Party Advisory
https://www.nagios.com/changelog/#fusion
Release Notes

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:nagios:fusion:2024:r1.2:*:*:*:*:*:*

cpe:2.3:a:nagios:fusion:2024:r2.1:*:*:*:*:*:*

EPSS

Процентиль: 57%

0.00356

Низкий

7.6 High

CVSS3

Дефекты

CWE-287

Связанные уязвимости

GHSA-f8r7-6gm2-hh64

CVSS3: 7.6

github

3 месяца назад

A lack of rate limiting in the OTP verification component of Nagios Fusion v2024R1.2 and v2024R2 allows attackers to bypass authentication via a bruteforce attack.

EPSS

Процентиль: 57%

0.00356

Низкий

7.6 High

CVSS3

Дефекты

CWE-287