CVE-2025-22604

Cacti has Authenticated RCE via multi-line SNMP responses

CVSS 9.1 CRITICALEPSS 5.3%CWE-78

Cacti is an open source performance and fault management framework. Due to a flaw in multi-line SNMP result parser, authenticated users can inject malformed OIDs in the response. When processed by ss_net_snmp_disk_io() or ss_net_snmp_disk_bytes(), a part of each OID will be used as a key in an array that is used as part of a system command, causing a command execution vulnerability. This vulnerability is fixed in 1.2.29.

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Affected products

Cacti · cacti

public PoCs found — 1

githubgithub.com/ishwardeepp/CVE-2025-22604-Cacti-RCE★ 0

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0 https://github.com/Cacti/cacti/security/advisories/GHSA-c5j8-jxj3-hh36 https://lists.debian.org/debian-lts-announce/2025/02/msg00010.html