January 18, 2022 · Applied Cybernetics Group
CVE-2021-25296 — Nagios Nagios XI
Nagios XI OS Command Injection
- Added to KEV
2022-01-18- Federal due date
2022-02-01- Vendor
- Nagios
- Product
- Nagios XI
- EPSS
- 99.8th percentile (score 0.933, as of
2026-06-08) - NVD CVSS v3.1
- —
- Ransomware use
- Unknown
- Upstream
- https://nvd.nist.gov/vuln/detail/CVE-2021-25296
CISA short description
Nagios XI contains a vulnerability which can lead to OS command injection on the Nagios XI server.
Required action
Apply updates per vendor instructions.