Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2025-34249

Nagios Fusion versions prior to 2024R2.1 contain a brute-force bypass in the Two-Factor Authentication (2FA) implementation. The application did not properly enforce rate limiting or account lockout for repeated failed 2FA verification attempts, allowing a remote attacker to repeatedly try second-factor codes for a targeted account. By abusing the lack of enforcement, an attacker could eventually successfully authenticate to accounts protected by 2FA.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 72.3%
CVSS Severity
CVSS v3 Score 9.8
Products affected by CVE-2025-34249
  • Nagios » Fusion » Version: 2024
    cpe:2.3:a:nagios:fusion:2024
  • Nagios » Fusion » Version: 4.0.0
    cpe:2.3:a:nagios:fusion:4.0.0
  • Nagios » Fusion » Version: 4.0.1
    cpe:2.3:a:nagios:fusion:4.0.1
  • Nagios » Fusion » Version: 4.1.0
    cpe:2.3:a:nagios:fusion:4.1.0
  • Nagios » Fusion » Version: 4.1.1
    cpe:2.3:a:nagios:fusion:4.1.1
  • Nagios » Fusion » Version: 4.1.2
    cpe:2.3:a:nagios:fusion:4.1.2
  • Nagios » Fusion » Version: 4.1.3
    cpe:2.3:a:nagios:fusion:4.1.3
  • Nagios » Fusion » Version: 4.1.4
    cpe:2.3:a:nagios:fusion:4.1.4
  • Nagios » Fusion » Version: 4.1.5
    cpe:2.3:a:nagios:fusion:4.1.5
  • Nagios » Fusion » Version: 4.1.6
    cpe:2.3:a:nagios:fusion:4.1.6
  • Nagios » Fusion » Version: 4.1.7
    cpe:2.3:a:nagios:fusion:4.1.7
  • Nagios » Fusion » Version: 4.1.8
    cpe:2.3:a:nagios:fusion:4.1.8
  • Nagios » Fusion » Version: 4.1.9
    cpe:2.3:a:nagios:fusion:4.1.9
  • Nagios » Fusion » Version: 4.2.0
    cpe:2.3:a:nagios:fusion:4.2.0


Products
Pricing
Contact Us

Shodan ® - All rights reserved