Command Execution Vulnerability in Cacti Performance Management Software
CVE-2025-22604
Key Information:
- Vendor: Cacti
- CVE Published: 27 January 2025
What is CVE-2025-22604?
CVE-2025-22604 is a vulnerability in Cacti, the open-source performance and fault management software widely used for network monitoring. The flaw sits in Cacti's multi-line SNMP result parser: an authenticated user can inject malformed object identifiers (OIDs) into an SNMP response, and the way those OIDs are mishandled leads to command execution on the Cacti host. For an organisation running a vulnerable instance, this means an authenticated attacker can run commands on the monitoring server and compromise the integrity and confidentiality of the data it holds.
Technical Details
The vulnerability is in the functions ss_net_snmp_disk_io() and ss_net_snmp_disk_bytes(), which process multi-line SNMP results without adequately validating the OIDs they contain. When a malformed OID is present in the response, a part of that OID is used as a key in an array, and that array is later used to build a system command. Because the key is taken from attacker-influenced input and is not sanitised before reaching the command, an authenticated user who can inject such OIDs can execute arbitrary commands on the host running Cacti.
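The pattern described above, shown as an added illustration (this is not Cacti's own code and does not reproduce the advisory's exact parser): a text-mode SNMP walk is parsed into an array keyed by the OID suffix, and that key is then spliced into a shell command. The OID prefix, function names and the SNMP response lines are all constructed for the example; the last response line carries a malformed OID suffix. The hardened variant only accepts a purely numeric index and still passes the command argument through escapeshellarg().

```php
<?php
// Added example, not Cacti's code. OIDs, helper names and the SNMP response
// below are hypothetical; only the parse-key-command pattern is the point.

// Constructed multi-line SNMP result, in the text form a walk of a
// disk-name table produces. The third row has a malformed OID suffix.
$constructed_response = implode("\n", [
    '.1.3.6.1.4.1.2021.13.15.1.1.2.1 = STRING: "sda"',
    '.1.3.6.1.4.1.2021.13.15.1.1.2.2 = STRING: "sdb"',
    '.1.3.6.1.4.1.2021.13.15.1.1.2.3; echo injected = STRING: "sdc"',
]);

// Hypothetical table prefix: everything after it is meant to be an index.
$table_prefix = '.1.3.6.1.4.1.2021.13.15.1.1.2.';

// Vulnerable pattern: whatever follows the prefix becomes the array key,
// with no check that it is a plain integer index.
function parse_unsafe(string $response, string $prefix): array {
    $disks = [];
    foreach (explode("\n", $response) as $line) {
        if (strpos($line, $prefix) !== 0 || strpos($line, ' = ') === false) {
            continue;
        }
        [$oid, $value] = explode(' = ', $line, 2);
        $index = substr($oid, strlen($prefix));          // attacker-influenced
        $disks[$index] = trim(str_replace('STRING:', '', $value), ' "');
    }
    return $disks;
}

// The unvalidated key is concatenated straight into a shell command line.
function build_cmd_unsafe(string $index): string {
    return "snmpget -v2c -c public host .1.3.6.1.4.1.2021.13.15.1.1.3.$index";
}

// Hardened pattern: the row must match a strict shape, and the index is
// captured as digits only. Malformed rows are dropped rather than keyed.
function parse_safe(string $response, string $prefix): array {
    $disks = [];
    $re = '/^' . preg_quote($prefix, '/') . '(\d+) = STRING: "([^"]*)"$/';
    foreach (explode("\n", $response) as $line) {
        if (!preg_match($re, $line, $m)) {
            continue;
        }
        $disks[(int) $m[1]] = $m[2];
    }
    return $disks;
}

// Even with an integer index, the argument is escaped for the shell, so a
// future change to the key type cannot reintroduce injection silently.
function build_cmd_safe(int $index): string {
    $oid = ".1.3.6.1.4.1.2021.13.15.1.1.3.$index";
    return 'snmpget -v2c -c public host ' . escapeshellarg($oid);
}

foreach (parse_unsafe($constructed_response, $table_prefix) as $index => $disk) {
    echo "UNSAFE  $disk: " . build_cmd_unsafe((string) $index) . "\n";
}
foreach (parse_safe($constructed_response, $table_prefix) as $index => $disk) {
    echo "SAFE    $disk: " . build_cmd_safe($index) . "\n";
}
```

Running the script with `php` shows the unsafe path emitting a command line whose tail is `...1.1.3.3; echo injected`, which a shell would execute as two commands, while the safe path prints only the two well-formed rows with single-quoted OID arguments. The fix that matters is the validation in the parser; escapeshellarg() is defence in depth, not a substitute for it.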
Potential impact of CVE-2025-22604
- Unauthorized Command Execution: The primary risk is that an authenticated user can execute arbitrary commands on the server, gaining unauthorized access to the system and to sensitive data.
- Data Integrity Compromise: An attacker could alter or delete performance data, undermining the monitoring and management processes that Cacti provides.
- System Instability and Disruption: Exploitation may lead to crashes or instability that disrupt monitoring services, affecting the operational functionality of the affected organisation.
Affected Version(s)
cacti < 1.2.29 (fixed in 1.2.29)
News Articles
Critical Cacti Security Flaw (CVE-2025-22604) Enables Remote Code Execution
CVE-2025-22604 in Cacti (CVSS 9.1) enables authenticated attackers to execute remote code. Upgrade to version 1.2.29 to mitigate the critical flaw.
1 week ago
Critical Cacti Vulnerability Let Attackers Code Remotely - PoC Released
The widely used open-source network monitoring tool, Cacti, identified a critical vulnerability. The flaw, tracked as CVE-2025-22604 has a CVSS score of 9.1, indicating high severity.
1 week ago
CVSS V3.1
9.1 (Critical)
Timeline
- 👾 Exploit known to exist
- 📰 First article discovered by CybersecurityNews
- Vulnerability published
- Vulnerability reserved