U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Critical remote code execution bug found in Cacti framework

A critical flaw in Cacti open-source network monitoring and fault management framework that could allow remote code execution. Cacti is an open-source platform that provides a robust and extensible operational monitoring and fault management framework for users. A critical vulnerability, tracked as CVE-2025-22604 (CVSS score of 9.1), in the Cacti open-source framework could allow an authenticated […]

cacti

A critical flaw in Cacti open-source network monitoring and fault management framework that could allow remote code execution.

Cacti is an open-source platform that provides a robust and extensible operational monitoring and fault management framework for users.

A critical vulnerability, tracked as CVE-2025-22604 (CVSS score of 9.1), in the Cacti open-source framework could allow an authenticated attacker to achieve remote code execution on susceptible instances, and steal, edit, or delete sensitive data.

The flaw resides in the multi-line SNMP result parser and allows authenticated users to inject malformed OIDs. Upon processing them, it triggers a command execution issue by using part of the OID as a key in a system command array.

“Due to a flaw in the multi-line SNMP result parser, authenticated users can inject malformed OIDs in the response,” reads the advisory published by the project maintainers. “When processed by ss_net_snmp_disk_io() or ss_net_snmp_disk_bytes(), a part of each OID will be used as a key in an array that is used as part of a system command, causing a command execution vulnerability.”

The vulnerability was discovered by a researcher who goes by the moniker u32i, it impacts all versions before 1.2.29.

Project maintainers also fixed an Arbitrary File Creation vulnerability, tracked as CVE-2025-24367 (CVSS score: 7.2), that could lead to remote code execution.

“An authenticated Cacti user can abuse graph creation and graph template functionality to create arbitrary PHP scripts in the web root of the application, leading to remote code execution on the server.”reads the advisory.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Cacti)