Source: The Hacker News Author: [email protected] (The Hacker News) URL: https://thehackernews.com/2025/01/critical-cacti-security-flaw-cve-2025.html
ONE SENTENCE SUMMARY:
A critical Cacti vulnerability (CVE-2025-22604, CVSS 9.1) lets an authenticated attacker achieve remote code execution on the monitoring server; administrators should upgrade to version 1.2.29 immediately.
MAIN POINTS:
- CVE-2025-22604 is a critical flaw in the Cacti monitoring framework with a CVSS score of 9.1.
- The flaw allows authenticated attackers to execute arbitrary code by supplying malformed OIDs in the SNMP responses that Cacti's SNMP result parser processes.
- Exploitation could lead to data theft, modification, or deletion on vulnerable servers.
- The vulnerability affects all Cacti versions up to and including 1.2.28.
- The issue has been fixed in Cacti version 1.2.29, released in January 2025.
- Security researcher “u32i” discovered and reported the CVE-2025-22604 vulnerability.
- Another flaw, CVE-2025-24367 (CVSS 7.2), abuses Cacti's graph creation and graph template functionality in earlier versions to create arbitrary PHP scripts, which then yields remote code execution; it is also addressed in 1.2.29.
- Organizations using Cacti should prioritize patching to version 1.2.29 to mitigate risks.
- Cacti vulnerabilities have been actively exploited in the past, highlighting the urgency for updates.
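The bug class behind CVE-2025-22604 is untrusted SNMP response content (here, the OID field) flowing into a command the server runs. The block below is an added illustration of that pattern and its fix, not code from Cacti or from the article: a deliberately naive parser that trusts the OID field beside a hardened one that validates each OID against the numeric dot-separated form before using any part of it, and that builds the follow-up command as an argv list rather than a shell string. The walk output, the `snmpget` command line and the hypothetical host are constructed for the example.

```python
import re

# Constructed sample of a multi-line SNMP walk in "OID = TYPE: value" form
# (the shape net-snmp's snmpwalk prints). The third line carries a
# deliberately malformed OID of the kind an attacker-controlled agent could
# return. This is example data, not a capture from a real Cacti poller.
SAMPLE_WALK = """\
.1.3.6.1.4.1.2021.13.15.1.1.2.1 = STRING: sda
.1.3.6.1.4.1.2021.13.15.1.1.2.2 = STRING: sdb
.1.3.6.1.4.1.2021.13.15.1.1.2.3;id>/tmp/pwned = STRING: sdc
"""

# A valid numeric OID is dot-separated decimal arcs, optionally with a leading dot.
OID_RE = re.compile(r"^\.?\d+(?:\.\d+)*$")

# Hypothetical base OID the follow-up query is built from (assumption for the example).
BASE_OID = ".1.3.6.1.4.1.2021.13.15.1.1.2"


def parse_walk_naive(text):
    """Vulnerable pattern: the last arc of whatever OID the agent sent becomes a key."""
    rows = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        oid, _, rest = line.partition(" = ")
        index = oid.rsplit(".", 1)[-1]          # no validation of the OID at all
        rows[index] = rest.partition(": ")[2]
    return rows


def build_command_naive(index):
    """Vulnerable pattern: the key is spliced into a shell command string."""
    return f"snmpget -v2c -c public host {BASE_OID}.{index}"


def parse_walk_checked(text):
    """Hardened: every OID must match OID_RE; rejected lines are reported, not used."""
    rows, rejected = {}, []
    for line in text.splitlines():
        if not line.strip():
            continue
        oid, sep, rest = line.partition(" = ")
        if not sep or not OID_RE.fullmatch(oid):
            rejected.append(line)
            continue
        rows[oid.rsplit(".", 1)[-1]] = rest.partition(": ")[2]
    return rows, rejected


def build_command_checked(index):
    """Hardened: the key must be a bare integer and the command is an argv list,
    so it can be passed to subprocess.run() without a shell."""
    if not index.isdigit():
        raise ValueError(f"refusing non-numeric SNMP index {index!r}")
    return ["snmpget", "-v2c", "-c", "public", "host", f"{BASE_OID}.{index}"]


if __name__ == "__main__":
    for index in parse_walk_naive(SAMPLE_WALK):
        print("naive  :", build_command_naive(index))
    rows, rejected = parse_walk_checked(SAMPLE_WALK)
    for index in rows:
        print("checked:", build_command_checked(index))
    print("rejected lines:", rejected)
```

Running it shows the naive path producing a command line that ends in `;id>/tmp/pwned`, which a shell would execute as a second command, while the checked path drops that line and only ever emits argv lists with purely numeric indices. The same validate-then-argv discipline applies to any poller or collector that turns device-supplied identifiers into local commands.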
TAKEAWAYS:
- Upgrade Cacti to version 1.2.29 immediately to address CVE-2025-22604 and CVE-2025-24367 vulnerabilities.
- Authenticated attackers can exploit the SNMP result-parsing flaw for remote code execution on Cacti versions up to and including 1.2.28.
- Data integrity risks include theft, modification, and deletion if vulnerabilities are left unpatched.
- Past exploitation history emphasizes the importance of timely patch application for Cacti users.
- Monitoring software such as Cacti holds credentials for and network reach into the systems it watches, so it should be patched promptly and exposed only to the users and networks that need it.