Cacti vulnerable to arbitrary file write exploit
CVE-2024-25641
Key Information:
Badges
What is CVE-2024-25641?
An arbitrary file write vulnerability exists in the Cacti Monitoring Framework, specifically prior to version 1.2.27. This security flaw is exploited through the "Package Import" feature, which is available to authenticated users with the "Import Templates" permission. The vulnerability arises from the import_package() function within the /lib/import.php script, which incorrectly trusts the filename and content specified in the XML data. As a result, the application writes files directly into the Cacti base path without proper validation, leading to potential path traversal. Exploitability allows an attacker to create or overwrite files on the web server, which may enable execution of arbitrary PHP code, resulting in various security impacts. Version 1.2.27 addresses this vulnerability with a security patch.
Affected Version(s)
cacti < 1.2.27
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
EPSS Score
82% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved