Critical Vulnerability in Cacti Allows Remote Code Execution
2025-01-30
Learn about the critical importance of patch management to prevent remote code execution and data compromise in network monitoring tools.
A critical vulnerability in Cacti, an open-source network monitoring tool, allows authenticated users to execute remote code on affected systems by exploiting a flaw in the SNMP result parser. This vulnerability, identified as CVE-2025-22604, has a high severity score and permits attackers with management permissions to manipulate sensitive data. The issue, alongside another vulnerability (CVE-2025-24367), has been fixed in Cacti version 1.2.29. Organizations using Cacti should prioritize patching to prevent potential exploitation.
Patch Management, Web App/Website Vulnerability, Open Source
Cacti, CVE-2025-22604, Remote Code Execution, Network Monitoring, SNMP Vulnerability
CVE-2025-22604; CVE-2025-24367
Cacti
Critical Vulnerability in Cacti Network Monitoring Tool
A significant security vulnerability has been identified in Cacti, an open-source tool used for network monitoring and fault management. This flaw, tracked as CVE-2025-22604, poses a serious risk as it allows remote code execution on affected systems.
Understanding the Vulnerability
The issue arises from a flaw in the multi-line SNMP result parser. Authenticated users can inject malformed Object Identifiers (OIDs) into the SNMP response. These malformed OIDs, when processed by functions such as ss_net_snmp_disk_io() or ss_net_snmp_disk_bytes(), can be used as keys in an array that forms part of a system command. This leads to a command execution vulnerability.
Potential Impact
If exploited, this vulnerability can allow an authenticated user with device management permissions to execute arbitrary code on the server. This capability means attackers could steal, edit, or delete sensitive data, posing a critical threat to organizations relying on Cacti for network monitoring.
Additional Vulnerability: CVE-2025-24367
In addition to CVE-2025-22604, another vulnerability, CVE-2025-24367, has been addressed. This flaw allows an authenticated attacker to create arbitrary PHP scripts in the web root of the application. By exploiting the graph creation and graph template functionality, attackers can achieve remote code execution.
Remediation
The vulnerabilities have been resolved in Cacti version 1.2.29. Organizations using Cacti are strongly encouraged to update to this version to mitigate potential risks.
Importance of Prompt Action
Given Cacti's history of being actively exploited, it is crucial for organizations to prioritize applying the necessary patches. Addressing these vulnerabilities promptly can help protect against unauthorized access and data breaches.
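The parser flaw described under "Understanding the Vulnerability" comes down to trusting the OID field of an SNMP response. The following is an added example, not Cacti's code or its 1.2.29 patch: a fail-closed parser that accepts only strictly numeric OIDs as keys and hands downstream code an integer index rather than the raw key. It assumes net-snmp style `OID = TYPE: value` text output; the function names, base OID and sample response are constructed for illustration.

```python
import re

# Allow-list: optional leading dot, then two or more decimal arcs (ASCII digits only).
OID_RE = re.compile(r"\.?[0-9]+(?:\.[0-9]+)+")

# Constructed sample response; the last key is deliberately malformed.
BASE = ".1.3.6.1.4.1.2021.13.15.1.1.2"
SAMPLE = f"""{BASE}.1 = STRING: sda
{BASE}.2 = STRING: multi
line value
{BASE}.3;x = STRING: sdc
"""

def parse_walk(text):
    """Parse 'OID = TYPE: value' lines into ({oid: value}, [rejected keys])."""
    accepted, rejected = {}, []
    last = None  # key of the record a continuation line would belong to
    for line in text.splitlines():
        if not line.strip():
            continue
        key, sep, value = line.partition(" = ")
        key = key.strip()
        if sep and OID_RE.fullmatch(key):
            accepted[key] = value
            last = key
        elif sep:
            # Looks like a record, but the key is not a pure numeric OID: drop it
            # and do not attach following lines to any earlier record.
            rejected.append(key)
            last = None
        elif last is not None:
            accepted[last] += "\n" + line  # continuation of a multi-line value
        else:
            rejected.append(line)
    return accepted, rejected

def device_indexes(text, base):
    """Return (sorted integer row indexes under base, rejected keys)."""
    accepted, rejected = parse_walk(text)
    prefix = base.lstrip(".") + "."
    indexes = []
    for oid in accepted:
        rest = oid.lstrip(".")[len(prefix):] if oid.lstrip(".").startswith(prefix) else ""
        if rest.isdigit():  # exactly one trailing arc
            indexes.append(int(rest))
    return sorted(indexes), rejected

if __name__ == "__main__":
    print(device_indexes(SAMPLE, BASE))
```

Rejected keys are worth logging: a monitored device that returns non-numeric OIDs is either broken or hostile.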
https://thehackernews.com/2025/01/critical-cacti-security-flaw-cve-2025.html?m=1