Critical Remote Code Execution Vulnerability Detected in Cacti Open-Source Framework

January 29, 2025

Cacti, an open-source platform widely used for operational monitoring and fault management, has been found to contain a critical vulnerability. The flaw, designated CVE-2025-22604 and carrying a CVSS score of 9.1, could allow an authenticated attacker to remotely execute code on affected instances and access or manipulate sensitive data.

The vulnerability lies in the multi-line SNMP result parser, which lets authenticated users inject malformed OIDs. When these OIDs are processed, part of each OID is used as a key in an array that becomes part of a system command, which results in command execution. The project maintainers released an advisory stating, “Due to a flaw in the multi-line SNMP result parser, authenticated users can inject malformed OIDs in the response. When processed by ss_net_snmp_disk_io() or ss_net_snmp_disk_bytes(), a part of each OID will be used as a key in an array that is used as part of a system command, causing a command execution vulnerability.”

The vulnerability was found by a researcher known as u32i and affects all versions prior to 1.2.29.
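The following Python sketch is an added example, not Cacti's PHP code or its patch. It shows the defensive pattern the advisory implies: accept a walk line only if its OID is strictly numeric, and turn the trailing arc into an integer before it is ever used as an array key or command argument. The "OID = TYPE: value" line layout, the sample lines, and the names `parse_walk`, `build_argv` and `collector` are assumptions made for illustration.

```python
import re

# Strict numeric OID: optional leading dot, then dot-separated decimal arcs.
OID_RE = re.compile(r"\.?\d+(?:\.\d+)+")

# Constructed sample of a multi-line walk result (assumed "OID = TYPE: value"
# layout). The last two lines carry malformed OIDs.
SAMPLE = """\
.1.3.6.1.4.1.2021.13.15.1.1.2.1 = STRING: sda
.1.3.6.1.4.1.2021.13.15.1.1.2.2 = STRING: sdb
.1.3.6.1.4.1.2021.13.15.1.1.2.3;PLACEHOLDER = STRING: sdc
.1.3.6.1.4.1.2021.13.15.1.1.2.x4 = STRING: sdd
"""


def parse_walk(text):
    """Return ({index: value}, [rejected lines]).

    The index is the last OID arc converted to int, so nothing taken
    from the response can reach the caller as free-form text in a key.
    """
    rows, rejected = {}, []
    for line in text.splitlines():
        oid, sep, rest = line.partition(" = ")
        oid = oid.strip()
        if not sep or not OID_RE.fullmatch(oid):
            rejected.append(line)  # keep for logging and alerting
            continue
        index = int(oid.rsplit(".", 1)[1])
        rows[index] = rest.split(": ", 1)[-1]
    return rows, rejected


def build_argv(script, indexes):
    """Build an argument vector (never a shell string) from integer keys."""
    if not all(isinstance(i, int) and i >= 0 for i in indexes):
        raise ValueError("non-integer index")
    return [script] + [str(i) for i in sorted(indexes)]


if __name__ == "__main__":
    rows, rejected = parse_walk(SAMPLE)
    print(build_argv("collector", rows), "rejected:", len(rejected))
```

Rejected lines are worth logging: a monitored device that returns non-numeric OIDs is either broken or hostile.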

The project maintainers have also fixed an arbitrary file creation vulnerability, identified as CVE-2025-24367 and carrying a CVSS score of 7.2. The advisory notes, “An authenticated Cacti user can abuse graph creation and graph template functionality to create arbitrary PHP scripts in the web root of the application, leading to remote code execution on the server.”
