Which versions of PHP are affected by CVE-2025-24367?

Organizations using Cacti face significant risk from CVE-2025-24367 rated CVSS 8.7.. A patch is available.

Is there a public PoC exploit available for CVE-2025-24367?

Yes, a public proof-of-concept exploit is available for CVE-2025-24367. Prioritise patching immediately. EPSS: 90.5%.

How to fix or mitigate CVE-2025-24367?

Within 7 days: Identify all affected systems and apply vendor patches promptly. Vendor patch is available.

PHP CVE-2025-24367

Q: What is the CVSS score of CVE-2025-24367?

CVE-2025-24367 has a CVSS 4.0 base score of 8.7 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 90.5%.

HIGH

Improper Neutralization of Line Delimiters (CWE-144)

2025-01-27 security-advisories@github.com

PHP RCE Cacti Suse

8.7

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 18:05 vuln.today

Patch released

Mar 28, 2026 - 18:05 nvd

Patch available

PoC Detected

Nov 03, 2025 - 22:18 vuln.today

Public exploit code

CVE Published

Jan 27, 2025 - 18:15 nvd

HIGH 8.7

DescriptionNVD

Cacti is an open source performance and fault management framework. An authenticated Cacti user can abuse graph creation and graph template functionality to create arbitrary PHP scripts in the web root of the application, leading to remote code execution on the server. This vulnerability is fixed in 1.2.29.

AnalysisAI

Cacti monitoring platform prior to version 1.2.29 allows authenticated users to achieve remote code execution through the graph creation and template functionality. Attackers abuse the graphing engine to create arbitrary PHP scripts in the web root, escalating from monitoring access to full server control.

Technical ContextAI

The graph creation workflow allows users to define custom graph templates with data source paths. By manipulating the template parameters, an authenticated user can cause the graphing engine to write PHP code into files within the web root directory. The crafted graph template generates a valid PHP script instead of a graph image, which can then be accessed directly via HTTP.

RemediationAI

Update to Cacti 1.2.29. Restrict graph template creation to trusted administrators only. Configure the web server to deny PHP execution in graph output directories. Monitor the web root for unexpected PHP file creation.

More from same product – last 7 days

CVE-2026-9256 HIGH This Week

8.1 May 22

Heap buffer overflow in NGINX Plus and NGINX Open Source ngx_http_rewrite_module allows unauthenticated remote attackers

Vendor StatusVendor

CVE-2025-24367 vulnerability details – vuln.today

Back

PHP CVE-2025-24367

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

More from same product – last 7 days

Vendor StatusVendor

Share

PHP CVE-2025-24367

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

More from same product – last 7 days

Vendor StatusVendor

Share

External POC / Exploit Code