Description
Nagios Fusion v2024R1.2 and v2024R2 does not invalidate already existing session tokens when the two-factor authentication mechanism is enabled, allowing attackers to perform a session hijacking attack.
References
- Mitigation, Third Party Advisory
- Mitigation, Third Party Advisory
- Release Notes
Vulnerable configurations
Configuration 1
One of
cpe:2.3:a:nagios:fusion:2024:r1.2:*:*:*:*:*:*
cpe:2.3:a:nagios:fusion:2024:r2.1:*:*:*:*:*:*
EPSS: 0.01636 (Low), percentile: 82%
CVSS3: 8.6 High
Weaknesses
CWE-491
Related vulnerabilities
CVSS3: 8.6
github
3 months ago
Nagios Fusion v2024R1.2 and v2024R2 does not invalidate already existing session tokens when the two-factor authentication mechanism is enabled, allowing attackers to perform a session hijacking attack.