CVE-2025-66399

CVSS v2.0

9.0

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Cacti versions prior to 1.2.29

Description Cacti is a performance and fault management framework. A flaw exists in the SNMP device configuration functionality due to insufficient input validation. An authenticated Cacti user can provide crafted SNMP community strings containing control characters, which are stored and used in backend SNMP operations. In environments where downstream SNMP tooling interprets these characters as command boundaries, this can lead to unintended command execution with the privileges of the Cacti process.

Recommendations Update to Cacti version 1.2.29 or later.

Exploit

Fix

RCE

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-77

Related Identifiers

BDU:2025-15397

CVE-2025-66399

GHSA-C7RR-2H93-7GJF

Affected Products

Cacti

Debian

CVE-2025-66399

Weakness Enumeration

Related Identifiers

Affected Products

References · 18