Severe RCE Vulnerability in Cacti Network Monitor Puts Systems at Critical Risk (CVE-2025-22604)

Critical Security Vulnerability Discovered in Cacti Network Monitoring Framework

A severe security vulnerability has been identified in Cacti, the popular open-source network monitoring framework. The flaw, designated as CVE-2025-22604, has received a critical CVSS score of 9.1 out of 10.0.

The vulnerability stems from a defect in the multi-line SNMP result parser: an authenticated user can inject malformed OIDs into the SNMP response, and when that response is processed by the ss_net_snmp_disk_io() or ss_net_snmp_disk_bytes() functions the malformed input can lead to command execution.

Impact and Risk:
– Authenticated users with device management access can execute arbitrary code
– Potential theft, modification, or deletion of sensitive data
– Affects all Cacti versions up to and including 1.2.28
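The two checks a defender would want from the description above are (a) a strict parser that refuses any line of multi-line SNMP output whose OID is not purely dotted-decimal before the value is used anywhere, and (b) a version comparison against the affected range. The following is an added illustration, not Cacti's own code: the parser is a hypothetical stand-in for the vulnerable routine, and the sample SNMP output is constructed for this example.

```python
import re
from typing import List, Tuple

# A well-formed numeric OID: optional leading dot, then at least two dotted
# decimal arcs and nothing else. Anything that fails this is rejected outright.
_OID_RE = re.compile(r"^\.?\d+(?:\.\d+)+$")

# Constructed sample of multi-line SNMP output (not captured from a real host).
# The last two lines carry malformed OIDs of the kind a strict parser must drop.
SAMPLE_RESULT = """\
.1.3.6.1.4.1.2021.13.15.1.1.2.1 = STRING: "sda"
.1.3.6.1.4.1.2021.13.15.1.1.2.2 = STRING: "sdb"
.1.3.6.1.4.1.2021.13.15.1.1.2.3 garbage = STRING: "sdc"
not-an-oid = STRING: "sdd"
"""


def parse_snmp_result(text: str) -> Tuple[List[Tuple[str, str]], List[str]]:
    """Split multi-line SNMP output into (oid, value) pairs.

    Lines whose OID does not pass the strict check are returned separately in
    `rejected` rather than silently passed on. That separation is the property
    a parser needs when OIDs are later used to build commands or file names.
    """
    accepted: List[Tuple[str, str]] = []
    rejected: List[str] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        oid, sep, value = line.partition(" = ")
        if not sep or not _OID_RE.fullmatch(oid):
            rejected.append(raw)
            continue
        accepted.append((oid, value))
    return accepted, rejected


# Fixed release taken from the advisory; every earlier release is affected.
FIXED_VERSION = "1.2.29"


def version_tuple(version: str) -> Tuple[int, ...]:
    """Turn '1.2.28' into (1, 2, 28) so releases compare numerically."""
    return tuple(int(part) for part in version.strip().split("."))


def is_affected(version: str) -> bool:
    """True for any Cacti release before 1.2.29 (i.e. up to and including 1.2.28)."""
    return version_tuple(version) < version_tuple(FIXED_VERSION)


if __name__ == "__main__":
    ok, bad = parse_snmp_result(SAMPLE_RESULT)
    print(f"accepted {len(ok)} lines, rejected {len(bad)} lines")
    for line in bad:
        print("  rejected:", line)
    for v in ("1.2.28", "1.2.29"):
        print(f"Cacti {v}: {'AFFECTED' if is_affected(v) else 'patched'}")
```

The regex is the whole point: an OID that reaches a shell or a filesystem path should never have been allowed to contain anything but digits and dots, so validation belongs at the parser, not at each later consumer. The version helper is deliberately naive (it assumes plain dotted integers) and is only meant for a quick inventory check against the advisory's 1.2.28 cutoff.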

An additional vulnerability, CVE-2025-24367 (CVSS 7.2), was also discovered, allowing authenticated attackers to create arbitrary PHP scripts in the application’s web root through graph creation and template functionality.

Resolution:
– Both vulnerabilities have been patched in version 1.2.29
– Organizations are strongly advised to update immediately
– Previous instances of Cacti vulnerabilities have been actively exploited

Credit for discovering the primary vulnerability goes to security researcher u32i.
