A serious security vulnerability has been identified in Cacti, the open-source network monitoring and fault management tool. The flaw allows remote code execution by authenticated users on affected installations. It has been assigned the identifier CVE-2025-22604 and carries a CVSS score of 9.1 out of 10, reflecting its severity.

According to a recent advisory from Cacti's developers, the vulnerability arises from a defect in the multi-line Simple Network Management Protocol (SNMP) result parser. The parser allows authenticated users to insert malformed Object Identifiers (OIDs) into SNMP responses. When these responses are processed by functions such as ss_net_snmp_disk_io() or ss_net_snmp_disk_bytes(), portions of the OIDs may be used as keys in an array that is in turn passed to system commands, creating a command-injection condition.
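As an added illustration of the defensive check implied above (example code, not Cacti's parser), the following Python snippet parses snmpwalk-style multi-line output and refuses to use any OID as a dictionary key unless it consists solely of dot-separated decimal arcs; the sample output and the device names in it are constructed.

```python
import re
from typing import Dict, List, Tuple

# Strict OID syntax: optional leading dot, then dot-separated decimal arcs.
# Anything else (letters, whitespace, shell metacharacters) is rejected.
OID_RE = re.compile(r"^\.?\d+(?:\.\d+)*$")

# One snmpwalk-style result line: "<oid> = <TYPE>: <value>"
LINE_RE = re.compile(r"^(?P<oid>\S+)\s*=\s*(?P<type>[A-Za-z0-9-]+):\s*(?P<value>.*)$")


def parse_snmp_multiline(output: str) -> Tuple[Dict[str, str], List[str]]:
    """Parse multi-line SNMP walk output into {oid: value}.

    Every OID is validated against OID_RE before it becomes a key, so a
    key can never carry anything but digits and dots. Lines that fail
    either the line or the OID check are returned separately so the
    caller can log them instead of silently dropping them.
    """
    results: Dict[str, str] = {}
    rejected: List[str] = []
    for raw in output.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None or OID_RE.match(m.group("oid")) is None:
            rejected.append(raw)
            continue
        results[m.group("oid")] = m.group("value").strip()
    return results, rejected


# Constructed sample: two well-formed diskIODevice rows (UCD-SNMP-MIB),
# one row with junk after the OID, and one row with a non-numeric arc.
SAMPLE_OUTPUT = """\
.1.3.6.1.4.1.2021.13.15.1.1.2.1 = STRING: sda
.1.3.6.1.4.1.2021.13.15.1.1.2.2 = STRING: sdb
.1.3.6.1.4.1.2021.13.15.1.1.2.3 bogus = STRING: sdc
.1.3.6.1.4.1.2021.13.15.1.1.2.x = STRING: sdd
"""

if __name__ == "__main__":
    accepted, bad = parse_snmp_multiline(SAMPLE_OUTPUT)
    print("accepted:", accepted)
    print("rejected:", bad)
```

Only the two well-formed rows reach the result dictionary; the two malformed rows are reported for logging rather than used as keys.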

By exploiting this vulnerability, an attacker with device management privileges could execute arbitrary code on the server, gaining unauthorized access to sensitive information and the ability to steal, modify, or delete data.

CVE-2025-22604 affects all versions of Cacti up to and including 1.2.28. The vulnerability has been patched in the latest release, version 1.2.29. Discovery of the flaw has been credited to a security researcher known as u32i, underscoring the role of community contributions in identifying cybersecurity issues.

Additionally, the same release addresses another vulnerability, CVE-2025-24367, which carries a CVSS score of 7.2. This issue could enable an authenticated attacker to create malicious PHP scripts within the application's web root, likewise resulting in remote code execution.

Given that vulnerabilities in Cacti have been actively exploited in the past, organizations using this software for network monitoring should prioritize immediate patching to protect against exploitation. Leaving these vulnerabilities unaddressed could lead to significant risk and data breaches.
