CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Nagios: >> Fusion >> 2024 Security Vulnerabilities

CVE-2025-60425

Nagios Fusion v2024R1.2 and v2024R2 does not invalidate already existing session tokens when the two-factor authentication mechanism is enabled, allowing attackers to perform a session hijacking attack.

CVSS Score

8.6

EPSS Score

0.021

Published

2025-10-27

CVE-2025-60424

A lack of rate limiting in the OTP verification component of Nagios Fusion v2024R1.2 and v2024R2 allows attackers to bypass authentication via a bruteforce attack.

CVSS Score

7.6

EPSS Score

0.003

Published

2025-10-27

Page 1

Vulnerabilities

Vulnerable Software

Nagios: >> Fusion >> 2024 Security Vulnerabilities

Products

Pricing

Contact Us