CVE-2025-60425

Publication date

2025-10-27 00:00:00

Family

mitre

State

PUBLISHED

Description

Nagios Fusion v2024R1.2 and v2024R2 does not invalidate already existing session tokens when the two-factor authentication mechanism is enabled, allowing attackers to perform a session hijacking attack.