CVE-2025-22604
- Reference to the description:
- Description:
- Cacti is an open source performance and fault management framework. Due to a flaw in multi-line SNMP result parser, authenticated users can inject malformed OIDs in the response. When processed by ss_net_snmp_disk_io() or ss_net_snmp_disk_bytes(), a part of each OID will be used as a key in an array that is used as part of a system command, causing a command execution vulnerability. This vulnerability is fixed in 1.2.29.
- Last updated date:
- 03/04/2025
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 03/04/2025
- Reference url to background
https://github.com/Cacti/cacti/security/advisories/GHSA-c5j8-jxj3-hh36