A crucial safety flaw has been disclosed within the Cacti open-source community monitoring and fault administration framework that might enable an authenticated attacker to realize distant code execution on inclined cases.
The flaw, tracked as CVE-2025-22604, carries a CVSS rating of 9.1 out of a most of 10.0.
“Because of a flaw within the multi-line SNMP end result parser, authenticated customers can inject malformed OIDs within the response,” the venture maintainers mentioned in an advisory launched this week.
“When processed by ss_net_snmp_disk_io() or ss_net_snmp_disk_bytes(), part of every OID will likely be used as a key in an array that’s used as a part of a system command, inflicting a command execution vulnerability.”
Profitable exploitation of the vulnerability might allow an authenticated consumer with system administration permissions to execute arbitrary code within the server, and steal, edit, or delete delicate knowledge.
CVE-2025-22604 impacts all variations of the software program previous to and together with 1.2.28. It has been addressed in model 1.2.29. A safety researcher who goes by the net alias u32i has been credited with discovering and reporting the flaw.
Additionally addressed within the newest model is CVE-2025-24367 (CVSS rating: 7.2), which might allow an authenticated attacker to create arbitrary PHP scripts within the net root of the appliance by abusing the graph creation and graph template performance, resulting in distant code execution.
With safety vulnerabilities in Cacti having come beneath lively exploitation prior to now, organizations counting on the software program for community monitoring ought to prioritize making use of the required patches to mitigate the danger of compromise.