Monitoring Software: IBM Tivoli Monitoring and Nagios XI are vulnerable
Attackers can target IBM Tivoli Monitoring and Nagios XI to manipulate files or even execute malicious code. Security updates are available.
(Image: Artur Szczybylo/Shutterstock.com)
The monitoring tools IBM Tivoli Monitoring and Nagios XI are vulnerable due to several security flaws. In the worst case, attackers can completely compromise affected systems. For Nagios XI, a patch that closes the vulnerabilities is available for download. For IBM Tivoli Monitoring, administrators need to take action themselves.
Admins use both tools to monitor IT infrastructures. So far, no attack reports are known. Nevertheless, admins should secure their instances promptly.
Files Manipulable
In a security advisory, IBM's developers state that remote attackers can exploit two vulnerabilities (CVE-2025-3356 "high," CVE-2025-3355 "high") using crafted URLs. If such an attack succeeds, they can read and even overwrite files on the system.
The vulnerabilities are located specifically in the KT1 component of the ITM/ITCAM agents. There is no patch for them. To resolve the security problem, administrators must reconfigure their systems so that this component uses TLS connections exclusively. How to do this is explained in a support article.
Critical Security Vulnerabilities
The patched Nagios XI version 2026R1 has been available since the end of September this year. However, further information on the security vulnerabilities it closes was only published now in the National Vulnerability Database.
Three security vulnerabilities (CVE-2025-34286, CVE-2025-34284, CVE-2025-34134) are classified with the threat level “critical.” Due to insufficient checks, remote attackers can execute malicious code. However, they must already be authenticated to do so.
If attackers successfully exploit the remaining vulnerabilities, they can gain higher user privileges, among other things.
Last week, a vulnerability in the monitoring software Checkmk made headlines.
(des)