Description

Cacti is an open source performance and fault management framework. Due to a flaw in multi-line SNMP result parser, authenticated users can inject malformed OIDs in the response. When processed by ss_net_snmp_disk_io() or ss_net_snmp_disk_bytes(), a part of each OID will be used as a key in an array that is used as part of a system command, causing a command execution vulnerability. This vulnerability is fixed in 1.2.29.

INFO

Published Date :

2025-01-27T17:06:58.215Z

Last Modified :

2025-11-03T21:00:09.159Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-22604 vulnerability.

Vendors Products
Cacti
  • Cacti
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-22604.

URL Resource
https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0 cve-icon cve-icon
https://github.com/Cacti/cacti/security/advisories/GHSA-c5j8-jxj3-hh36 cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2025/02/msg00010.html cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact