CVE-2025-28132

{"id": "CVE-2025-28132", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.6, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 2.1}]}, "published": "2025-04-01T17:15:46.700", "references": [{"url": "https://github.com/harshal79/Insufficient-Session-Expiration.git", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.nagios.com/changelog/#network-analyzer", "tags": ["Release Notes"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-613"}]}], "descriptions": [{"lang": "en", "value": "A session management flaw in Nagios Network Analyzer 2024R1.0.3 allows an attacker to reuse session tokens even after a user logs out, leading to unauthorized access and account takeover. This occurs due to insufficient session expiration, where session tokens remain valid beyond logout, allowing an attacker to impersonate users and perform actions on their behalf."}, {"lang": "es", "value": "Una falla en la gesti\u00f3n de sesiones en Nagios Network Analyzer 2024R1.0.3 permite a un atacante reutilizar tokens de sesi\u00f3n incluso despu\u00e9s de que un usuario cierre sesi\u00f3n, lo que provoca accesos no autorizados y robo de cuentas. Esto se debe a una expiraci\u00f3n de sesi\u00f3n insuficiente, donde los tokens de sesi\u00f3n siguen siendo v\u00e1lidos despu\u00e9s del cierre de sesi\u00f3n, lo que permite a un atacante suplantar la identidad de los usuarios y realizar acciones en su nombre."}], "lastModified": "2025-06-18T13:59:16.210", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nagios:nagios_network_analyzer:2024:r1.0.3*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A3CC310B-9B87-4EF0-856B-3B141C5AF90E"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}