44/68 Friday, January 31, 2025
A critical vulnerability has been discovered in the Cacti framework, an open-source platform for network monitoring and fault management. The flaw, tracked as CVE-2025-22604, could allow an authenticated attacker to achieve Remote Code Execution (RCE) on affected servers. It has been assigned a CVSS score of 9.1 and originates from a flaw in the multi-line SNMP result parser. The issue allows an attacker to inject malicious OIDs which, when processed by the ss_net_snmp_disk_io() or ss_net_snmp_disk_bytes() functions, result in certain OID values being used as keys in system commands, leading to unauthorized command execution.
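The root cause described above is a general pattern: values pulled out of a multi-line SNMP result are trusted and end up inside a system command. The following Python snippet is an added illustration of that pattern and its fix; it is not Cacti's code, and the parser format, the OID allowlist regex, the host 192.0.2.10 and the sample result lines are all constructed for the example. It parses a small snmpwalk-style result in which one "OID" carries shell metacharacters, shows the vulnerable string-concatenation form of the command, and shows the hardened form that rejects anything that is not a purely numeric OID and passes the OID as a single argv element so no shell ever interprets it.

```python
import re

# Strict allowlist for numeric SNMP OIDs such as ".1.3.6.1.4.1.2021.13.15.1.1.2".
# Illustrative pattern for this example, not Cacti's own validation logic.
OID_RE = re.compile(r"^\.?\d+(?:\.\d+)*$")

# Constructed multi-line SNMP result in the "<oid> = <TYPE>: <value>" shape that
# snmpwalk-style tools print. The third line stands in for an injected entry
# whose "OID" contains shell metacharacters.
SAMPLE_RESULT = """\
.1.3.6.1.4.1.2021.13.15.1.1.2.1 = STRING: sda
.1.3.6.1.4.1.2021.13.15.1.1.2.2 = STRING: sdb
.1.3.6.1.4.1.2021.13.15.1.1.2.3; id = STRING: sdc
"""


def parse_multiline_snmp(text):
    """Split a multi-line SNMP result into (oid, value) pairs without validating.

    This mirrors the risky step: whatever sits left of ' = ' is taken as the OID.
    """
    pairs = []
    for line in text.splitlines():
        if " = " not in line:
            continue
        oid, _, rhs = line.partition(" = ")
        # Drop the "TYPE: " prefix when present.
        value = rhs.split(": ", 1)[1] if ": " in rhs else rhs
        pairs.append((oid.strip(), value.strip()))
    return pairs


def is_valid_oid(oid):
    """Accept only dotted numeric OIDs; anything else is rejected outright."""
    return OID_RE.match(oid) is not None


def unsafe_command(oid, host="192.0.2.10"):
    """Vulnerable pattern: the parsed OID is concatenated into a shell command string.

    Passed to a shell, metacharacters in the OID become part of the command.
    """
    return f"snmpget -v2c -c public {host} {oid}"


def safe_command(oid, host="192.0.2.10"):
    """Hardened pattern: validate against the allowlist, then build an argv list.

    The OID travels as one argument and is never re-parsed by a shell.
    """
    if not is_valid_oid(oid):
        raise ValueError(f"rejected non-numeric OID: {oid!r}")
    return ["snmpget", "-v2c", "-c", "public", host, oid]


def process_result(text):
    """Parse a result and return (accepted_argv_commands, rejected_oids)."""
    accepted, rejected = [], []
    for oid, _value in parse_multiline_snmp(text):
        try:
            accepted.append(safe_command(oid))
        except ValueError:
            rejected.append(oid)
    return accepted, rejected


if __name__ == "__main__":
    ok, bad = process_result(SAMPLE_RESULT)
    for argv in ok:
        print("would run:", argv)
    for oid in bad:
        print("rejected :", oid)
```

The allowlist is the primary control: validating the OID before it reaches any command means the argv form is defence in depth rather than the only barrier. Running the block prints two accepted argv lists and one rejected entry for the injected line.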
This vulnerability affects all versions of Cacti prior to 1.2.29 and has been patched in version 1.2.29. The security researcher known as “u32i” discovered and reported the issue. The same update also addresses a second vulnerability, CVE-2025-24367 (CVSS 7.2), which allows an authenticated attacker to create malicious PHP files in the application’s web root through the graph and graph template creation functionality, potentially leading to Remote Code Execution.
Since Cacti has previously been a target of cyberattacks, organizations using Cacti for network monitoring are strongly advised to immediately update to version 1.2.29 to mitigate the risk of exploitation.
Source: https://thehackernews.com/2025/01/critical-cacti-security-flaw-cve-2025.html