January 29, 2025 By Pierluigi Paganini

A critical flaw in the Cacti open-source network monitoring and fault management framework could allow remote code execution.
Cacti is an open-source platform that provides a robust and extensible operational monitoring and fault management framework for users.
A critical vulnerability, tracked as CVE-2025-22604 (CVSS score of 9.1), in the Cacti open-source framework could allow an authenticated attacker to achieve remote code execution on susceptible instances, and steal, edit, or delete sensitive data.
The flaw resides in the multi-line SNMP result parser and allows authenticated users to inject malformed OIDs. When the parser processes them, part of each OID becomes a key in an array that is later used to build a system command, which leads to command execution.
“Due to a flaw in the multi-line SNMP result parser, authenticated users can inject malformed OIDs in the response,” reads the advisory published by the project maintainers. “When processed by ss_net_snmp_disk_io() or ss_net_snmp_disk_bytes(), a part of each OID will be used as a key in an array that is used as part of a system command, causing a command execution vulnerability.”
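The defensive pattern the advisory points to, as an added illustration that is not Cacti's own code: validate every OID in a multi-line SNMP result before any part of it becomes an array key, and build any follow-up command as an argv list rather than a shell string. The sample result lines, host name and community string below are constructed for the example.

```python
import re

# A well-formed numeric OID is sub-identifiers made of digits, separated by dots.
OID_RE = re.compile(r"^\.?\d+(?:\.\d+)*$")

def parse_snmp_results(text):
    """Parse 'OID = TYPE: value' lines into rows keyed by the OID's last
    sub-identifier (the table row index). Lines whose OID is not purely
    numeric are returned separately and never become a key."""
    rows, rejected = {}, []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        oid, sep, rest = line.partition(" = ")
        if not sep or not OID_RE.match(oid):
            rejected.append(line)  # malformed OID: dropped, not used as a key
            continue
        index = oid.rsplit(".", 1)[-1]
        rows[index] = rest
    return rows, rejected

def command_for_index(index):
    """Build the follow-up query as an argv list (run with shell=False), so the
    row index is passed as a plain argument and is never interpreted by a shell."""
    if not index.isdigit():
        raise ValueError("refusing non-numeric row index: %r" % index)
    # Constructed command for illustration; host and community are placeholders.
    return ["snmpget", "-v2c", "-c", "public", "host.example",
            ".1.3.6.1.4.1.2021.13.15.1.1.3." + index]

# Constructed sample: two well-formed rows plus one line with a malformed OID.
SAMPLE = """\
.1.3.6.1.4.1.2021.13.15.1.1.2.1 = STRING: sda
.1.3.6.1.4.1.2021.13.15.1.1.2.2 = STRING: sdb
.1.3.6.1.4.1.2021.13.15.1.1.2.3x = STRING: bogus
"""

if __name__ == "__main__":
    rows, rejected = parse_snmp_results(SAMPLE)
    print("accepted rows:", rows)
    print("rejected lines:", rejected)
    for index in rows:
        print(command_for_index(index))
```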