Remote Code Execution Flaw in Cacti, PoC Released

Summary: The Cacti Group, Inc. has announced a critical vulnerability (CVE-2025-22604) in its network monitoring software that allows authenticated attackers to execute code remotely. The flaw is in the multi-line SNMP response parser and poses significant risks to sensitive data and network operations. Users are urged to update to version 1.2.29 to mitigate this vulnerability.

Affected: The Cacti Group, Inc.

Key points:

  • Critical vulnerability identified with a CVSS score of 9.1.
  • Attackers can exploit the flaw by injecting malformed OIDs into SNMP responses.
  • Exploitation allows command execution with the privileges of the Cacti application, putting sensitive data at risk.
  • The Cacti Group has released version 1.2.29 to address the vulnerability.
  • Organizations are strongly encouraged to apply the necessary updates urgently.

Source: https://securityonline.info/cve-2025-22604-cvss-9-1-remote-code-execution-flaw-in-cacti-poc-released/