The vulnerability is tracked as CVE-2025-22604 and carries a CVSS score of 9.1 out of 10. A flaw in the parser for multi-line SNMP results allows authenticated users to inject malformed OIDs into the response.
“When processed by ss_net_snmp_disk_io() or ss_net_snmp_disk_bytes(), a part of each OID will be used as a key in an array that is used as part of a system command, causing a command execution vulnerability,” the Cacti team explains.
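The defensive pattern that this class of bug calls for is shown below as an added illustration written for this article; it is not Cacti's code, not the 1.2.29 patch, and the function names, the line format and the sample SNMP output are all assumptions. It parses multi-line SNMP output, keeps only rows whose OID is strictly numeric dotted notation, reduces the key to a digit-only index before it can ever reach a command string, and wraps the command arguments in escapeshellarg() as a second layer.

```php
<?php
// Added illustration, not Cacti's code: strict validation of OID keys parsed
// from multi-line SNMP output before any part of them is used as an array
// index that later becomes part of a system command.

/**
 * Parse lines of the assumed form "<oid> = <type>: <value>" and return
 * [index => value] for well-formed entries only. Any line whose OID is not
 * purely numeric dotted notation is discarded rather than "cleaned up".
 */
function parse_snmp_lines(string $output): array
{
    $rows = [];
    foreach (preg_split('/\R/', $output) as $line) {
        $line = trim($line);
        if ($line === '') {
            continue;
        }
        // Accept only ".1.3.6..." or "1.3.6..." style OIDs, then "=", an
        // optional "TYPE:" tag and the value. Anything else is rejected.
        if (!preg_match('/^\.?(\d+(?:\.\d+)+)\s*=\s*(?:[A-Za-z0-9-]+:\s*)?(.*)$/', $line, $m)) {
            continue; // malformed OID or unexpected layout: never trust it as a key
        }
        $oid   = $m[1];
        $value = $m[2];
        // The array key is the last arc of the OID only, and only if it is digits.
        $parts = explode('.', $oid);
        $index = end($parts);
        if (!ctype_digit($index)) {
            continue;
        }
        $rows[$index] = $value;
    }
    return $rows;
}

/**
 * Build a command from a parsed index. The index is re-checked here so the
 * function is safe even if called with data that bypassed the parser, and
 * escapeshellarg() neutralises shell metacharacters as a second layer.
 */
function build_disk_command(string $tool, string $index): string
{
    if (!ctype_digit($index)) {
        throw new InvalidArgumentException('index must be numeric');
    }
    return escapeshellarg($tool) . ' ' . escapeshellarg($index);
}

// Constructed sample output: one well-formed row and one row whose OID
// contains characters that are not part of dotted numeric notation.
$sample = ".1.3.6.1.2.1.25.2.3.1.3.1 = STRING: /dev/sda\n"
        . ".1.3.6.1.2.1.25.2.3.1.3.2;x = STRING: /dev/sdb\n";

$rows = parse_snmp_lines($sample);
var_dump(array_keys($rows));                 // only index "1" survives
echo build_disk_command('/usr/bin/disk-stat', '1'), PHP_EOL; // hypothetical tool path
```

The point of the two-layer design is that the parser never lets a non-numeric key into the array at all, so the later command builder is working on data that cannot carry shell syntax; escapeshellarg() then covers any future call path that reaches the builder without going through the parser.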
Successful exploitation of this vulnerability allows an authenticated attacker to execute arbitrary code on the server, as well as to steal, modify, or delete sensitive data.
CVE-2025-22604 affects all Cacti versions up to and including 1.2.28. The bug was fixed in version 1.2.29.
In addition, the latest version fixes CVE-2025-24367 (CVSS score 7.2), which enables an authenticated attacker to create arbitrary PHP scripts in the web root of the application, resulting in remote code execution on the server.
Since Cacti is widely used in data centers, telecom companies, and hosting providers for operational monitoring of network infrastructure, data collection, and fault management, organizations are urged to apply the patches as soon as possible.