PT-2025-1311 · Cacti · Cacti

Ishgard-2 · Published 2025-01-26 · Updated 2025-02-25 · CVE-2025-24368

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Cacti versions prior to 1.2.29

Description

The issue is related to the build_rule_item_filter() function in the api_automation.php script of the Cacti network monitoring tool, which fails to properly protect the SQL query structure. This can allow a remote attacker to execute arbitrary code. The vulnerability is caused by the concatenation of SQL statements using unchecked data from automation_tree_rules.php.

Recommendations

For versions prior to 1.2.29, update to version 1.2.29 to resolve the issue. As a temporary workaround, consider restricting access to the build_rule_item_filter() function in lib/api_automation.php until the update is applied.

Exploit

Fix

RCE

SQL injection

Weakness Enumeration

Related Identifiers

BDU:2025-00969
CVE-2025-24368
DLA-4048-1
DSA-5862-1
GHSA-F9C7-7RC3-574C

Affected Products

Cacti