Critical Cacti Security Flaw (CVE-2025-22604) Permits Remote Code Execution

A critical security flaw has been disclosed in the Cacti open-source network monitoring and fault management framework that could allow an authenticated attacker to achieve remote code execution on susceptible instances.

The flaw, tracked as CVE-2025-22604, carries a CVSS score of 9.1 out of a maximum of 10.0.

“Due to a flaw in the multi-line SNMP result parser, authenticated users can inject malformed OIDs in the response,” the project maintainers said in an advisory released this week.

“When processed by ss_net_snmp_disk_io() or ss_net_snmp_disk_bytes(), a part of each OID will be used as a key in an array that is used as part of a system command, causing a command execution vulnerability.”

Successful exploitation of the vulnerability could allow an authenticated user with system administration permissions to execute arbitrary code on the server and steal, edit, or delete sensitive data.
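The defensive pattern implied by the advisory, as an added example that is not Cacti's code or its actual fix: accept an SNMP row only if its OID is strictly dotted-decimal under the expected base, and escape anything derived from it before it reaches a command line. The net-snmp style line format, the base OID, and the script path are assumptions made for the illustration.

```php
<?php
// Added example, not Cacti's code. Constructed net-snmp style walk output;
// the last row carries a malformed OID with trailing non-numeric text.
const SAMPLE_WALK = ".1.3.6.1.4.1.2021.13.15.1.1.2.1 = STRING: sda\n"
    . ".1.3.6.1.4.1.2021.13.15.1.1.2.2 = STRING: sdb\n"
    . ".1.3.6.1.4.1.2021.13.15.1.1.2.3;id = STRING: sdc\n";

// Base OID assumed for the example (device-name column of a disk I/O table).
const BASE_OID = '1.3.6.1.4.1.2021.13.15.1.1.2';

/** Return [rows, rejected]: rows maps a numeric index to its value. */
function parse_walk_strict(string $raw, string $base): array
{
    $rows = [];
    $rejected = [];
    $prefix = preg_quote($base, '/');
    foreach (preg_split('/\R/', $raw, -1, PREG_SPLIT_NO_EMPTY) as $line) {
        // Accept only: optional leading dot, the base OID, exactly one
        // decimal index arc, then " = TYPE: value". \A and \z anchor the
        // whole line, so nothing can trail the index.
        $pattern = '/\A\.?' . $prefix . '\.(\d{1,10}) = [A-Za-z0-9-]+: (.*)\z/';
        if (preg_match($pattern, $line, $m)) {
            $rows[(int) $m[1]] = $m[2]; // the array key is always an integer
        } else {
            $rejected[] = $line;        // malformed OID: never used as a key
        }
    }
    return [$rows, $rejected];
}

/** Build a command line from a validated index; each argument is escaped. */
function build_command(string $script, int $index): string
{
    return escapeshellarg($script) . ' ' . escapeshellarg((string) $index);
}

[$rows, $rejected] = parse_walk_strict(SAMPLE_WALK, BASE_OID);

// '/usr/local/bin/disk_stats' is a hypothetical script path.
foreach (array_keys($rows) as $index) {
    echo build_command('/usr/local/bin/disk_stats', $index), "\n";
}
foreach ($rejected as $line) {
    fwrite(STDERR, "rejected malformed SNMP row: $line\n");
}
```

Rejected rows are worth logging centrally: a device that suddenly returns non-numeric OID components is a signal to investigate, not just input to discard.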


CVE-2025-22604 affects all versions of the software prior to and including 1.2.28. It has been addressed in version 1.2.29. A security researcher who goes by the online alias u32i has been credited with discovering and reporting the flaw.


Also addressed in the latest version is CVE-2025-24367 (CVSS score: 7.2), which could allow an authenticated attacker to create arbitrary PHP scripts in the web root of the application by abusing the graph creation and graph template functionality, leading to remote code execution.

With security vulnerabilities in Cacti having come under active exploitation in the past, organizations relying on the software for network monitoring should prioritize applying the necessary patches to mitigate the risk of compromise.
