Severity: Medium Date: October 30, 2025 Affecting: XI < 2024R1.4.2 CVE: CVE-2025-34135 CWE: CWE-732 Incorrect Permission Assignment for Critical Resource CVSS: 5.1 CVSS V4 Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N References: - Nagios XI Security Disclosures - Nagios XI Changelog Description: Prior to 2024R1.4.2, Nagios XI versions configured some systemd unit files with overly permissive permission sets. This issue includes the nagios.service unit file having executable permissions where they were unnecessary. Such overly permissive permissions on service unit files can expand the local attack surface by allowing unintended execution behaviors or facilitating misuse of services in combination with other vulnerabilities.