CVE-2025-66399

Name of the Vulnerable Software and Affected Versions Cacti versions prior to 1.2.29

Description Cacti is a performance and fault management framework. A flaw exists in the SNMP device configuration functionality due to insufficient input validation. An authenticated Cacti user can provide crafted SNMP community strings containing control characters, which are stored and used in backend SNMP operations. In environments where downstream SNMP tooling interprets these characters as command boundaries, this can lead to unintended command execution with the privileges of the Cacti process.

Recommendations Update to Cacti version 1.2.29 or later.