CVE-2012-10063
moderate-risk
Published 2025-10-30
Nagios XI versions prior to 2012R1.3 contain a SQL injection vulnerability in the legacy Core Configuration Manager (CCM) interface. Authenticated users could manipulate SQL queries by supplying crafted input to specific CCM parameters, potentially allowing access to configuration data stored in the application database. Successful exploitation could disclose or modify notification data and, in some cases, impact the application database more broadly.
Do I need to act?
~
1.1% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10
Critical
NETWORK
/ LOW complexity
Affected Vendors
References (2)
Release Notes
https://www.nagios.com/changelog/nagios-xi/
Third Party Advisory
https://www.vulncheck.com/advisories/nagios-xi-authenticated-sqli-in-legacy-ccm
45
/ 100
moderate-risk
Severity
32/34 · Critical
Exploitability
3/34 · Minimal
Exposure
10/34 · Low