logo
Vulnerability feed
CONTRIBUTE

Vulnerability

warn

CVE-2025-22604

Reference to the description:

https://nvd.nist.gov/vuln/detail/CVE-2025-22604

Description:
Cacti is an open source performance and fault management framework. Due to a flaw in multi-line SNMP result parser, authenticated users can inject malformed OIDs in the response. When processed by ss_net_snmp_disk_io() or ss_net_snmp_disk_bytes(), a part of each OID will be used as a key in an array that is used as part of a system command, causing a command execution vulnerability. This vulnerability is fixed in 1.2.29.
Last updated date:
03/04/2025
Type:
exploit
Confidence:
HIGH
Date of publishing:
03/04/2025
Reference url to background

https://github.com/Cacti/cacti/security/advisories/GHSA-c5j8-jxj3-hh36

Vulnerability FeedContributorsAboutBlog

@inTheWild

©2025

Privacy Policy