CVE-2025-60425

Published: Oct 27, 2025

Modified: Oct 27, 2025

PUBLISHED

Description

Nagios Fusion v2024R1.2 and v2024R2 does not invalidate already existing session tokens when the two-factor authentication mechanism is enabled, allowing attackers to perform a session hijacking attack.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.nagios.com/changelog/#fusion

https://github.com/aakashtyal/Session-Persistence-After-Enabling-2FA

https://github.com/aakashtyal/Session-Persistence-After-Enabling-2FA-CVE-2025-60425

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-60425

Description

Affected Products

References