CVE-2025-22604: Cacti has Authenticated RCE via multi-line SNMP responses

9.1 CVSS

Description

Cacti is an open source performance and fault management framework. Due to a flaw in multi-line SNMP result parser, authenticated users can inject malformed OIDs in the response. When processed by ss_net_snmp_disk_io() or ss_net_snmp_disk_bytes(), a part of each OID will be used as a key in an array that is used as part of a system command, causing a command execution vulnerability. This vulnerability is fixed in 1.2.29.

Classification

CVE ID: CVE-2025-22604

CVSS Base Severity: CRITICAL

CVSS Base Score: 9.1

Affected Products

Vendor: Cacti

Product: cacti

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 12.0% (scored less or equal to compared to others)

EPSS Date: 2025-02-25 (when was this score calculated)

References

https://github.com/Cacti/cacti/security/advisories/GHSA-c5j8-jxj3-hh36
https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0

Timeline

2025-01-28 00:30:49 UTC
CVE

Cacti has Authenticated RCE via multi-line SNMP responses
2025-01-29 11:00:28 UTC
TheHackerNews

Critical Cacti Security Flaw (CVE-2025-22604) Enables Remote Code Execution