CVE-2024-14003

high-risk

Published 2025-10-30

Nagios XI versions prior to 2024R1.2 are vulnerable to remote code execution (RCE) through its NRDP (Nagios Remote Data Processor) server plugins. Insufficient validation of inbound NRDP request parameters allows crafted input to reach command execution paths, enabling attackers to execute arbitrary commands on the underlying host in the context of the web/Nagios service.

Do I need to act?

0.95% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (10)

Nagios Xi

Affected Vendors

Nagios

References (3)

Release Notes https://www.nagios.com/changelog/nagios-xi/

Vendor Advisory https://www.nagios.com/products/security/#nagios-xi

Third Party Advisory https://www.vulncheck.com/advisories/nagios-xi-rce-via-nrdp-server-plugins

/ 100

high-risk

Severity 32/34 · Critical

Exploitability 3/34 · Minimal

Exposure 16/34 · Moderate