The widely used open-source network monitoring tool, Cacti, identified a critical vulnerability.\u00a0The flaw, tracked as CVE-2025-22604 has a CVSS score of 9.1, indicating high severity.\u00a0<\/p>\n
It allows authenticated users with device management permissions to execute arbitrary commands<\/a> on the server, posing significant risks to data integrity and system security.<\/p>\n According to security researcher u32i, the vulnerability stems from a flaw in Cacti\u2019s multi-line SNMP<\/a> (Simple Network Management Protocol) result parser. Specifically, authenticated users can inject malformed Object Identifiers (OIDs) into SNMP responses.\u00a0<\/p>\n These malformed OIDs are processed by functions such as ss_net_snmp_disk_io() and ss_net_snmp_disk_bytes(). During processing, parts of the OIDs are used as keys in an array that is later incorporated into a shell command. This improper handling creates an OS Command Injection vulnerability<\/a>.<\/p>\n The issue originates in the cacti_snmp_walk() function, which uses exec_into_array() to execute commands and parse multi-line SNMP results into arrays. While the values are filtered during parsing, the OIDs themselves are not sanitized.<\/p>\n Are you from SOC\/DFIR Teams? \u2013\u00a0Analyse Malware Files & Links with ANY.RUN Sandox ->\u00a0Try for Free<\/a><\/strong><\/p>\n If a line lacks a valid OID, its content is appended to the previous OID\u2019s value without filtering. This oversight enables attackers to craft malicious payloads.<\/p>\n A proof-of-concept (PoC) exploit has been publicly released, demonstrating how attackers can leverage this vulnerability:<\/p>\n Successful exploitation grants attackers the ability to:<\/p>\n This vulnerability is particularly dangerous because it requires only authenticated access with device management permissions, making it exploitable by malicious insiders or attackers who gain access credentials through phishing or other means.<\/p>\n Users are strongly advised to upgrade<\/a> to version 1.2.29 or later, where this issue has been patched.<\/p>\n CVE-2025-22604 highlights the critical importance of input validation and secure coding practices in network management tools like Cacti.<\/p>\n Organizations using Cacti should act immediately to patch their systems and implement robust security measures to prevent exploitation of this vulnerability.<\/p>\n Integrating Application Security into Your CI\/CD Workflows Using Jenkins & Jira ->\u00a0Free Webinar<\/a><\/strong><\/strong><\/p>\n The post Critical Cacti Vulnerability Let Attackers Code Remotely \u2013 PoC Released<\/a> appeared first on Cyber Security News<\/a>.<\/p>\n<\/div>\n\nCacti RCE Vulnerability<\/strong> <\/h2>\n
Proof of Concept (PoC)<\/strong><\/h2>\n
\n
\n
![\"\"](\"https:\/\/lh7-rt.googleusercontent.com\/docsz\/AD_4nXejkdNy7zzW-yzDoST-aO-U-hoq8TVOSpB4IbQaqstOxIWWK5PYPJuaxixc_RT-kVSF5d-X53FlGcmbHPGLv-QtOAOaAQARo5qokorg573Ys5LL2_wsyxc0EintYoV-YI_5ekJKpA?key=03yjAZGFriFED57Ypi5AFCBt\")