CVE-2025-24367
Severity: HIGH
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Description
Cacti is an open source performance and fault management framework. An authenticated Cacti user can abuse graph creation and graph template functionality to create arbitrary PHP scripts in the web root of the application, leading to remote code execution on the server. This vulnerability is fixed in 1.2.29.
Analysis
Cacti prior to version 1.2.29 lets an authenticated user with graph-creation rights achieve remote code execution through the graph creation and graph template functionality. The attacker abuses the graphing engine to write arbitrary PHP scripts into the web root, turning a low-privileged monitoring account into code execution as the web server user. The CVSS 4.0 vector reflects this: network-reachable, low attack complexity, no user interaction, and only low privileges required, with high impact on confidentiality, integrity and availability.
Technical Context
The graph creation workflow lets users define custom graph templates, including the paths used for data sources and output. By manipulating template parameters, an authenticated user can make the graphing engine write attacker-controlled content, rather than a graph image, to a file inside the web root. Because the resulting file is a valid PHP script stored under a path the web server serves, the attacker then requests it over HTTP and the server's PHP handler executes it. The root cause is that user-controlled template values reach the filesystem write without the output path or content being constrained to the image output the feature is meant to produce.
Affected Products
Cacti < 1.2.29
Remediation
Update to Cacti 1.2.29 or later. Until the upgrade is applied, restrict graph and graph template creation to trusted administrators, since any account with those rights can trigger the flaw. Configure the web server to refuse to execute PHP in directories that should only hold generated images or other output; note that this mitigates only writes that land in such a directory, because the flaw writes into the web root itself. Monitor the web root for unexpected PHP file creation, and treat any PHP file that is not part of the installed release as a likely web shell.
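One way to implement the monitoring recommendation above, as an added example that is not part of this advisory or the Cacti project's own code: a POSIX shell script that records a baseline of PHP files under the Cacti web root on a known-good install and, on later runs, reports any PHP file that has appeared since. The web root path (/usr/share/cacti) and the baseline location are assumptions; override them through the CACTI_ROOT and BASELINE environment variables for your layout.

```shell
#!/bin/sh
# Added example: baseline-and-diff check for unexpected PHP files under a web root.
# Assumed paths (not from the advisory); both can be overridden via the environment.
CACTI_ROOT="${CACTI_ROOT:-/usr/share/cacti}"
BASELINE="${BASELINE:-/var/lib/cacti-php-baseline.txt}"

# Print every file under $1 with an extension a PHP handler would typically execute,
# sorted in the C locale so the list can be compared with comm(1).
list_php_files() {
    find "$1" -type f \( -name '*.php' -o -name '*.phtml' -o -name '*.phar' \
        -o -name '*.php[0-9]' \) | LC_ALL=C sort
}

# Record the current PHP file set under $1 into baseline file $2.
# Run this once on a freshly patched, trusted install.
baseline_php_files() {
    list_php_files "$1" > "$2"
}

# Print PHP files now present under $1 that are absent from baseline $2.
# These are the candidates for a dropped script; output is empty when nothing is new.
new_php_files() {
    list_php_files "$1" | LC_ALL=C comm -13 "$2" -
}

# Return 0 when the web root holds no unexpected PHP files, 1 otherwise,
# listing the offending paths on stderr.
check_web_root() {
    new="$(new_php_files "$1" "$2")"
    if [ -n "$new" ]; then
        printf 'Unexpected PHP file(s) under %s:\n%s\n' "$1" "$new" >&2
        return 1
    fi
    return 0
}

# Usage: script.sh baseline   (once, on a clean install)
#        script.sh check      (from cron; non-zero exit means investigate)
case "${1:-}" in
    baseline) baseline_php_files "$CACTI_ROOT" "$BASELINE" ;;
    check)    check_web_root "$CACTI_ROOT" "$BASELINE" ;;
esac
```

Run the baseline step only after patching, so a script already planted before the upgrade is not silently accepted; schedule the check step from cron and alert on a non-zero exit. Because the check lists files by name only, pair it with a hash or package-manager verification (for example, comparing against the release tarball) if you also need to catch modifications to existing PHP files.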