Critical Cacti Security Flaw (CVE-2025-22604) Enables Remote Code Execution

Avatar
A critical security flaw has been disclosed in the Cacti open-source network monitoring and fault management framework that could allow an authenticated attacker to achieve remote code execution on susceptible instances. The flaw, tracked as CVE-2025-22604, carries a CVSS score of 9.1 out of a maximum of 10.0. “Due to a flaw in the multi-line SNMP result parser, authenticated users can inject

A critical security flaw has been disclosed in the Cacti open-source network monitoring and fault management framework that could allow an authenticated attacker to achieve remote code execution on susceptible instances.

The flaw, tracked as CVE-2025-22604, carries a CVSS score of 9.1 out of a maximum of 10.0.

“Due to a flaw in the multi-line SNMP result parser, authenticated users can inject malformed OIDs in the response,” the project maintainers said in an advisory released this week.

“When processed by ss_net_snmp_disk_io() or ss_net_snmp_disk_bytes(), a part of each OID will be used as a key in an array that is used as part of a system command, causing a command execution vulnerability.”

Successful exploitation of the vulnerability could permit an authenticated user with device management permissions to execute arbitrary code in the server, and steal, edit, or delete sensitive data.

CVE-2025-22604 affects all versions of the software prior to and including 1.2.28. It has been addressed in version 1.2.29. A security researcher who goes by the online alias u32i has been credited with discovering and reporting the flaw.

Also addressed in the latest version is CVE-2025-24367 (CVSS score: 7.2), which could permit an authenticated attacker to create arbitrary PHP scripts in the web root of the application by abusing the graph creation and graph template functionality, leading to remote code execution.

With security vulnerabilities in Cacti having come under active exploitation in the past, organizations relying on the software for network monitoring should prioritize applying the necessary patches to mitigate the risk of compromise.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

 The Hacker News 

Total
0
Shares
Previous Post

UAC-0063 Expands Cyber Attacks to European Embassies Using Stolen Documents

Next Post

How Interlock Ransomware Infects Healthcare Organizations

Related Posts

Meta’s Llama Framework Flaw Exposes AI Systems to Remote Code Execution Risks

A high-severity security flaw has been disclosed in Meta's Llama large language model (LLM) framework that, if successfully exploited, could allow an attacker to execute arbitrary code on the llama-stack inference server.  The vulnerability, tracked as CVE-2024-50050, has been assigned a CVSS score of 6.3 out of 10.0. Supply chain security firm Snyk, on the other hand, has assigned it a
Avatar
Read More

Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack

The developers of Rspack have revealed that two of their npm packages, @rspack/core and @rspack/cli, were compromised in a software supply chain attack that allowed a malicious actor to publish malicious versions to the official package registry with cryptocurrency mining malware. Following the discovery, versions 1.1.7 of both libraries have been unpublished from the npm registry. The latest
Avatar
Read More