PT-2025-1299 · Cacti+1

U32I

·

Published

2025-01-26

·

Updated

2026-03-09

·

CVE-2025-22604

CVSS v3.1

9.1

Critical

Vector

AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Cacti versions prior to 1.2.29
Cacti versions prior to 1.2.24+ds1-1+deb12u5 (Debian 12)
Cacti versions prior to 1.2.16+ds1-2+deb11u5 (Debian 11)
Description

Cacti, a web interface for graphing monitoring data, contains a critical flaw in its multi-line SNMP result parser. An authenticated user can inject malformed Object Identifier (OID) values into SNMP responses. When those results are processed by ss_net_snmp_disk_io() or ss_net_snmp_disk_bytes(), part of each OID is used as a key in an array that is later interpolated into a system command, so a crafted OID leads to OS command injection and remote code execution. Approximately 179,000 instances of Cacti are discoverable online.
Recommendations

Upgrade to Cacti version 1.2.29 or later.
Upgrade to Cacti version 1.2.24+ds1-1+deb12u5 or later (Debian 12).
Upgrade to Cacti version 1.2.16+ds1-2+deb11u5 or later (Debian 11).
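The following is an added illustration of the flaw class described above, not Cacti's own code: a simplified Python model of a multi-line SNMP walk parser that keys an array on the last OID component and then interpolates that key into a shell command, beside a hardened version that validates each OID as dotted digits and passes the index to the subprocess without a shell. The walk output, the diskIODevice table OID and the `echo` stand-in for the real SNMP query command are constructed for the example.

```python
import re
import subprocess

# Constructed sample of a multi-line SNMP walk over the UCD-SNMP diskIOTable
# device column. The third line is the kind of malformed OID a rogue SNMP
# agent can return: everything after the table prefix is attacker data.
SAMPLE_WALK = """\
.1.3.6.1.4.1.2021.13.15.1.1.2.1 = STRING: sda
.1.3.6.1.4.1.2021.13.15.1.1.2.2 = STRING: sdb
.1.3.6.1.4.1.2021.13.15.1.1.2.3; echo INJECTED = STRING: evil
"""

DISK_IO_DEVICE = ".1.3.6.1.4.1.2021.13.15.1.1.2"   # assumed table prefix for the example
OID_RE = re.compile(r"\.?\d+(\.\d+)*")             # an OID is only dotted decimal digits


def parse_walk_vulnerable(text):
    """Model of the flawed parser: trust whatever precedes ' = ' as the OID and
    use its last dotted component as the array key, without validating it."""
    table = {}
    for line in text.splitlines():
        if " = " not in line:
            continue
        oid, value = line.split(" = ", 1)
        index = oid.rsplit(".", 1)[-1]   # attacker-controlled when the OID is malformed
        table[index] = value.split(": ", 1)[-1]
    return table


def build_query_vulnerable(index):
    """Stand-in for the per-index SNMP query: the key lands in a shell string."""
    return f"echo querying {DISK_IO_DEVICE}.{index}"


def run_vulnerable(text):
    """Run one query per parsed index through the shell; returns all output lines."""
    out = []
    for index in parse_walk_vulnerable(text):
        r = subprocess.run(build_query_vulnerable(index), shell=True,
                           capture_output=True, text=True)
        out.extend(r.stdout.splitlines())
    return out


def parse_walk_hardened(text):
    """Accept only well-formed OIDs inside the expected table; keys become ints."""
    table = {}
    for line in text.splitlines():
        if " = " not in line:
            continue
        oid, value = line.split(" = ", 1)
        oid = oid.strip()
        if not OID_RE.fullmatch(oid) or not oid.startswith(DISK_IO_DEVICE + "."):
            continue   # malformed or out-of-table OID: drop it rather than key on it
        index = int(oid.rsplit(".", 1)[-1])
        table[index] = value.split(": ", 1)[-1]
    return table


def build_query_hardened(index):
    """Argument vector, no shell; the index is an int so it cannot carry metacharacters."""
    return ["echo", "querying", f"{DISK_IO_DEVICE}.{int(index)}"]


def run_hardened(text):
    out = []
    for index in parse_walk_hardened(text):
        r = subprocess.run(build_query_hardened(index), capture_output=True, text=True)
        out.extend(r.stdout.splitlines())
    return out


if __name__ == "__main__":
    print("vulnerable:", run_vulnerable(SAMPLE_WALK))   # contains an "INJECTED" line
    print("hardened:  ", run_hardened(SAMPLE_WALK))     # only the two valid queries
```

The hardened version applies two independent fixes: the parser refuses anything that is not a dotted-digit OID under the expected table, and the query is built as an argument list so that even a bad key could not reach a shell. Either alone closes the injection; applying both is the defensive choice.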

Exploit

Fix

RCE

OS Command Injection

Weakness Enumeration

CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Related Identifiers

ALT-PU-2025-3834
ALT-PU-2025-5333
BDU:2025-00856
CVE-2025-22604
DLA-4048-1
DSA-5862-1
GHSA-c5j8-jxj3-hh36

Affected Products

Alt Linux
Cacti