CVE-2025-60425

Published
View on NVD ↗
CVSS v3
8.6
HIGH
CVSS v2
N/A
Affected
1
PROJECT

Description

Nagios Fusion v2024R1.2 and v2024R2 does not invalidate already existing session tokens when the two-factor authentication mechanism is enabled, allowing attackers to perform a session hijacking attack.

aakashtyal/Session-Persistence-After-Enabling-2FA-CVE-2025-60425
aakashtyal/Session-Persistence-After-Enabling-2FA-CVE-2025-60425
GitHubGitHub