CVE-2025-22604
CVSS 3.1 Score 9.1 of 10 (high)
Details
Published Jan 27, 2025
CWE ID 78
Summary
CVE-2025-22604 is a command injection vulnerability (CWE-78) in Cacti, the open source performance and fault management framework. The flaw is in the multi-line SNMP result parser, which lets authenticated users inject malformed Object Identifiers (OIDs). When ss_net_snmp_disk_io() or ss_net_snmp_disk_bytes() processes these malformed OIDs, part of each OID is used as a key in an array that is then used as part of a system command, which allows an attacker to execute commands. The vulnerability is fixed in Cacti version 1.2.29.