CVE-2025-24367


Cacti is an open source performance and fault management framework. An authenticated Cacti user can abuse graph creation and graph template functionality to create arbitrary PHP scripts in the web root of the application, leading to remote code execution on the server. This vulnerability is fixed in 1.2.29.


Published: 2025-01-27T18:15:42.003

Last Modified: 2025-04-18T02:22:25.780

Status: Analyzed

Source: [email protected]

Severity: CVSSv3.1: 8.8 (HIGH)

Weaknesses
  • Type: Secondary
    CWE-144
  • Type: Primary
    NVD-CWE-Other

Affected Vendors & Products

| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | cacti | cacti | < 1.2.29 | Yes |
