Summary: The Cacti Group, Inc. has announced a critical vulnerability (CVE-2025-22604) in its network monitoring software that allows authenticated attackers to achieve remote code execution. The flaw affects the multi-line SNMP response parser and poses significant risks to sensitive data and network operations. Users are urged to update to version 1.2.29 to mitigate this vulnerability.
Affected: The Cacti Group, Inc.
Keypoints:
- Critical vulnerability identified with a CVSS score of 9.1.
- Attackers can exploit the flaw by injecting malformed OIDs into SNMP responses.
- The flaw allows command execution with the privileges of the Cacti application, putting sensitive data at risk.
- The Cacti Group has released version 1.2.29 to address the vulnerability.
- Organizations are strongly encouraged to apply the necessary updates urgently.