CVE-2025-60425: n/a
Nagios Fusion v2024R1.2 and v2024R2 does not invalidate already existing session tokens when the two-factor authentication mechanism is enabled, allowing attackers to perform a session hijacking attack.
AI Analysis
Technical Summary
CVE-2025-60425 is a vulnerability identified in Nagios Fusion versions 2024R1.2 and 2024R2, where the system fails to invalidate existing session tokens when two-factor authentication (2FA) is enabled. Normally, enabling 2FA should invalidate all active sessions to ensure that only authenticated users with the second factor can maintain access. However, due to this flaw, attackers who have obtained a valid session token prior to 2FA activation can continue to use that token to access the system without re-authenticating or providing the second factor. This constitutes a session hijacking vulnerability classified under CWE-491 (Inclusion of Invalidated Sessions). The CVSS v3.1 base score is 8.6, indicating high severity, with an attack vector of network (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), unchanged scope (S:U), low confidentiality impact (C:L), high integrity impact (I:H), and low availability impact (A:L). The vulnerability allows attackers to bypass 2FA protections, compromising the integrity of the monitoring system by potentially injecting false data or disrupting monitoring processes. No patches or known exploits are currently reported, but the vulnerability poses a significant risk given Nagios Fusion's role in critical IT infrastructure monitoring.
Potential Impact
For European organizations, this vulnerability can lead to unauthorized access to Nagios Fusion monitoring dashboards and control interfaces, potentially allowing attackers to manipulate monitoring data, disable alerts, or conceal malicious activities. The integrity of IT infrastructure monitoring is critical for timely incident response and operational continuity; thus, exploitation could delay detection of attacks or system failures. Confidentiality impact is moderate, as attackers gain access to monitoring data that may include sensitive infrastructure details. Availability impact is low but could escalate if attackers disrupt monitoring services. Organizations relying on Nagios Fusion for compliance and operational oversight may face regulatory and reputational risks if monitoring is compromised. The vulnerability's ease of exploitation without privileges or user interaction increases the threat level, especially in environments where session tokens might be exposed through other means such as phishing or network interception.
Mitigation Recommendations
1. Apply patches or updates from Nagios as soon as they become available that address session token invalidation upon 2FA activation.
2. Until patches are released, enforce manual session invalidation by logging out all users and restarting Nagios Fusion services after enabling 2FA.
3. Implement strict session management policies, including short session lifetimes and monitoring for concurrent sessions from different IP addresses.
4. Use network segmentation and firewall rules to restrict access to Nagios Fusion interfaces to trusted administrative networks only.
5. Enable comprehensive logging and alerting on session anomalies and failed authentication attempts.
6. Educate administrators on the risks of session hijacking and encourage use of hardware-based 2FA tokens to reduce token theft risk.
7. Regularly audit user sessions and revoke any suspicious or stale sessions manually.
8. Consider deploying Web Application Firewalls (WAFs) with rules to detect and block suspicious session token usage patterns.
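The failure described in the technical summary and the revoke-and-audit steps above, as an added Python model that is not Nagios Fusion code: `SessionStore`, `Session` and the logical clock are constructed stand-ins. `enable_mfa(..., revoke_existing=False)` reproduces the reported behaviour, `token_exists` is the check that lets a pre-2FA token through, `is_valid` is the hardened check, and `stale_pre_mfa_sessions` lists what an audit (step 7) should revoke.

```python
import secrets
from dataclasses import dataclass, field


@dataclass
class Session:
    user: str
    issued_at: int              # constructed logical clock, not wall time
    mfa_verified: bool = False  # was a second factor presented at login?


@dataclass
class SessionStore:
    sessions: dict = field(default_factory=dict)        # token -> Session
    mfa_enabled_at: dict = field(default_factory=dict)  # user -> clock tick
    clock: int = 0

    def login(self, user, mfa_verified=False):
        self.clock += 1
        token = secrets.token_urlsafe(32)
        self.sessions[token] = Session(user, self.clock, mfa_verified)
        return token

    def enable_mfa(self, user, revoke_existing=True):
        # revoke_existing=False reproduces the reported behaviour: the user's
        # pre-2FA tokens stay in the table after 2FA is switched on.
        self.clock += 1
        self.mfa_enabled_at[user] = self.clock
        if revoke_existing:
            for tok in [t for t, s in self.sessions.items() if s.user == user]:
                del self.sessions[tok]

    def token_exists(self, token):
        # The flawed check: any token still in the table is accepted.
        return token in self.sessions

    def is_valid(self, token):
        # Hardened check: reject a token issued before the user's 2FA enrolment
        # that never presented a second factor, even if revocation was missed.
        s = self.sessions.get(token)
        if s is None:
            return False
        enabled_at = self.mfa_enabled_at.get(s.user)
        return not (enabled_at is not None and not s.mfa_verified
                    and s.issued_at < enabled_at)

    def stale_pre_mfa_sessions(self):
        # Audit helper: tokens that predate 2FA and carry no second factor.
        return [t for t, s in self.sessions.items()
                if s.user in self.mfa_enabled_at and not s.mfa_verified
                and s.issued_at < self.mfa_enabled_at[s.user]]
```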
Affected Countries
Germany, United Kingdom, France, Netherlands, Italy, Spain, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2025-09-26T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 68ff91d3ba6dffc5e2000d30
Added to database: 10/27/2025, 3:37:55 PM
Last enriched: 11/3/2025, 4:09:45 PM
Last updated: 12/10/2025, 1:39:05 AM
Views: 43