CNNVD-202510-3533 Information
CNNVD ID
CNNVD-202510-3533
Related CVE
- CNNVD Published: 2025-10-27
Description (Chinese)
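Nagios Fusion is a centralized monitoring and visualization platform from the US company Nagios. Nagios Fusion versions v2024R1.2 and v2024R2 contain a security vulnerability: existing session tokens are not invalidated when two-factor authentication is enabled, which may lead to session hijacking attacks.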
Description (English)
Nagios Fusion is a centralized monitoring and visualization platform from the US company Nagios. Nagios Fusion v2024R1.2 and v2024R2 contain a security vulnerability that stems from the failure to invalidate existing session tokens when two-factor authentication is enabled, which could lead to a session hijacking attack.
Hazard Level
Medium
Vulnerability Type
Other
Affected Vendor
Nagios
Published
2025-10-27
Last Modified
2026-02-24
References
https://github.com/aakashtyal/Session-Persistence-After-Enabling-2FA
https://github.com/aakashtyal/Session-Persistence-After-Enabling-2FA-CVE-2025-60425
https://www.nagios.com/changelog/#fusion
https://access.redhat.com/security/cve/cve-2025-60425
Patch
https://www.nagios.com/products/nagios-fusion/