Critical Cacti Security Flaw (CVE-2025-22604) Enables Remote Code Execution

Jan 29, 2025Ravie LakshmananVulnerability / Threat Intelligence

The Cacti open-source network monitoring and fault management framework contains a critical security flaw that could permit remote code execution on vulnerable instances.

The flaw, tracked as CVE-2025-22604, carries a CVSS score of 9.1 out of a maximum of 10.0.

The project maintainers wrote in an advisory released this week that "a bug in the multi-line SNMP result parser allows authenticated users to add deformed OIDs into the response."

"When processed by ss_net_snmp_disk_io() or ss_net_snmp_disk_bytes(), a part of each OID will be used as a key in an array that is used as part of a system command, causing a command execution vulnerability."

Successful exploitation of the flaw could allow an authorized user with system management permissions to execute arbitrary code on the client and steal, edit, or delete sensitive information.
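The defensive pattern for this class of bug, as an added Python example that is not Cacti's code or its patch: a line starts a new record only when its OID is strictly dotted-decimal, only the integer index is used as a key, and that index reaches a command as a separate argument rather than inside a shell string. The sample walk output, the `helper` tool name and the `--index` flag are constructed for illustration.

```python
import re

# Strict numeric OID: optional leading dot, then decimal arcs only.
OID_RE = re.compile(r"\.?[0-9]+(?:\.[0-9]+)+")
# A record line has the shape "<oid> = <type: value>".
RECORD_RE = re.compile(r"^(?P<oid>\S.*?) = (?P<value>.*)$")

# Constructed sample: one multi-line value and one line with a malformed OID.
SAMPLE = (
    '.1.3.6.1.4.1.2021.13.15.1.1.2.1 = STRING: "sda\n'
    'spare label"\n'
    ".1.3.6.1.4.1.2021.13.15.1.1.3.1 = Counter32: 4096\n"
    ".1.3.6.1.4.1.2021.13.15.1.1.3.2 not-a-number = Counter32: 1\n"
    ".1.3.6.1.4.1.2021.13.15.1.1.4.1 = Counter32: 8192\n"
)

def parse_walk(text):
    """Return (records, rejected); records maps each validated OID to its value."""
    records, rejected, current = {}, [], None
    for line in text.splitlines():
        m = RECORD_RE.match(line)
        if m is None:
            if current is not None:  # continuation of a multi-line value
                records[current] += "\n" + line
            continue
        oid = m.group("oid")
        if OID_RE.fullmatch(oid) is None:
            rejected.append(line)    # malformed OID never becomes a key
            current = None           # drop continuation lines that follow it
            continue
        current = oid
        records[oid] = m.group("value")
    return records, rejected

def index_of(oid):
    """Last arc of a validated OID as an int, the only part used as a key."""
    if OID_RE.fullmatch(oid) is None:
        raise ValueError("not a strict dotted-decimal OID")
    return int(oid.rsplit(".", 1)[1])

def build_argv(tool, index):
    """Argument list for a hypothetical helper; no shell string is built."""
    if type(index) is not int or index < 0:
        raise ValueError("index must be a non-negative integer")
    return [tool, "--index", str(index)]

if __name__ == "__main__":
    records, rejected = parse_walk(SAMPLE)
    print(sorted(records), rejected)
```

Rejected lines are worth logging, since a well-behaved agent should not produce them.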

CVE-2025-22604 affects all versions of the software prior to and including 1.2.28. Version 1.2.29 addresses this issue. The flaw was identified and reported by a security researcher who uses the online alias u32i.

A second vulnerability (CVSS score: 7.2), which is also addressed in the most recent version, could allow an authenticated attacker to write arbitrary PHP scripts inside the web root of the application by breaking the graph template and creation rules, leading to remote code execution.

Organizations that use Cacti for network monitoring should prioritize applying the required patches to reduce the risk of compromise, because security flaws in the software have previously been actively exploited.
