Latest Cyber Security News

You are here: Home / General Cyber Security News / Critical Cacti Security Flaw (CVE-2025-22604) Enables Remote Code Execution
January 29, 2025

A critical security flaw has been disclosed in the Cacti open-source network monitoring and fault management framework that could allow an authenticated attacker to achieve remote code execution on susceptible instances.

The flaw, tracked as CVE-2025-22604, carries a CVSS score of 9.1 out of a maximum of 10.0.

“Due to a flaw in the multi-line SNMP result parser, authenticated users can inject malformed OIDs in the response,” the project maintainers said in an advisory released this week.

✔ Approved Seller From Our Partners
Mullvad VPN Discount

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).

➤ Get Mullvad VPN with 12% Discount


“When processed by ss_net_snmp_disk_io() or ss_net_snmp_disk_bytes(), a part of each OID will be used as a key in an array that is used as part of a system command, causing a command execution vulnerability.”

Successful exploitation of the vulnerability could permit an authenticated user with device management permissions to execute arbitrary code in the server, and steal, edit, or delete sensitive data.

Cybersecurity

CVE-2025-22604 affects all versions of the software prior to and including 1.2.28. It has been addressed in version 1.2.29. A security researcher who goes by the online alias u32i has been credited with discovering and reporting the flaw.

Also addressed in the latest version is CVE-2025-24367 (CVSS score: 7.2), which could permit an authenticated attacker to create arbitrary PHP scripts in the web root of the application by abusing the graph creation and graph template functionality, leading to remote code execution.

With security vulnerabilities in Cacti having come under active exploitation in the past, organizations relying on the software for network monitoring should prioritize applying the necessary patches to mitigate the risk of compromise.

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.


Some parts of this article are sourced from:
thehackernews.com

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *