- Description: Cacti is an open source performance and fault management framework. Due to a flaw in the multi-line SNMP result parser, authenticated users can inject malformed OIDs in the response. When processed by ss_net_snmp_disk_io() or ss_net_snmp_disk_bytes(), a part of each OID is used as a key in an array that is used as part of a system command, causing a command execution vulnerability. This vulnerability is fixed in 1.2.29.
- Source: security-advisories@github.com
- NVD status: Received
CVSS 3.1
- Type: Secondary
- Base score: 9.1
- Impact score: 6
- Exploitability score: 2.3
- Vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
- Severity: CRITICAL
- security-advisories@github.com: CWE-78
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score: 7
🗞️ Critical Cacti Security Flaw (CVE-2025-22604) Enables Remote Code Execution A critical vulnerability in the Cacti monitoring framework (CVE-2025-22604) allows authenticated attackers to execute remote code on affected systems. To mitigate this severe security flaw, immediate
@gossy_84
30 Jan 2025
92 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-22604 (CVSS 9.1): Remote Code Execution Flaw in Cacti, PoC Released https://t.co/gK2C0iMmfP
@Dinosn
30 Jan 2025
3400 Impressions
17 Retweets
66 Likes
14 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-22604 Alert! 🚨 Ensure your network is protected from this critical Cacti vulnerability. Learn the recommended security measures now! 🔒⚠️ #cybersecurity #CVE2025 #stayprotected #cactisecurity #cactivulnerability https://t.co/i1OwAeQHGn
@AbhishekMitra5
30 Jan 2025
106 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Critical Cacti Security Flaw (CVE-2025-22604) Enables Remote Code Execution Read More : https://t.co/yo70gUHT94 https://t.co/lmWgKgrwXV
@techpio_team
30 Jan 2025
63 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Researchers have found a critical security vulnerability in the network monitoring software Cacti, tracked as CVE-2025-22604, that allows authenticated users to execute code remotely. With a CVSS rating of 9.1, this flaw originates in a… ht
@citarafy
29 Jan 2025
37 Impressions
0 Retweets
2 Likes
1 Bookmark
0 Replies
0 Quotes
Critical Cacti Security #flaw (#CVE-2025-22604) Enables Remote Code Execution https://t.co/qQUg0oR9YZ
@AdliceSoftware
29 Jan 2025
37 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨🚨CVE-2025-22604 (CVSS: 9.1) : Cacti Has Authenticated RCE Via Multi-Line SNMP Responses ⚠️Due to a flaw in multi-line SNMP result parser, authenticated users can inject malformed OIDs in the response. ZoomEye Dork👉app="Cacti" 179k+ results are found on ZoomEye. ZoomEye… htt
@zoomeye_team
29 Jan 2025
635 Impressions
3 Retweets
6 Likes
3 Bookmarks
0 Replies
0 Quotes
⚡Critical Cacti Security Flaw (CVE-2025-22604) Enables Remote Code Execution. #CyberNews https://t.co/AYEtcqAcej
@dilagrafie
29 Jan 2025
158 Impressions
4 Retweets
10 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ A critical vulnerability (CVE-2025-22604) in Cacti software allows authenticated attackers to execute remote code, risking sensitive data. Update to version 1.2.29 to stay safe. 🚨 #Cacti #DataProtection #USA link: https://t.co/VJpmzE3hBp https://t.co/1csZWgn9pR
@TweetThreatNews
29 Jan 2025
69 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical Cacti Security Flaw (CVE-2025-22604) Enables Remote Code Execution #CISO https://t.co/xWDWy28wUk https://t.co/z8XsE5UsdE
@compuchris
29 Jan 2025
50 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A critical security flaw (CVE-2025-22604) in Cacti allows remote code execution for authenticated users, affecting versions up to 1.2.28. Urgent updates are necessary to protect sensitive data. ⚠️ #Cacti #DataProtection #USA link: https://t.co/ZiJw5DQbpT https://t.co/yllawtiW4W
@TweetThreatNews
29 Jan 2025
70 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
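A critical vulnerability in Cacti, the OSS performance monitoring framework, has been disclosed together with a PoC (proof-of-concept attack code). CVE-2025-22604 has a CVSS score of 9.1¹. It stems from flawed parsing of multi-line SNMP results and lets an authenticated user execute system commands. https://t.co/qJW6fRsb1V ¹ The article gives it as 10, but… https://t.co/YZyzGStj9a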
@__kokumoto
29 Jan 2025
1218 Impressions
6 Retweets
9 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical Cacti Security Flaw (CVE-2025-22604) Enables Remote Code Execution https://t.co/PpVaxixZPc
@Dinosn
29 Jan 2025
2246 Impressions
7 Retweets
20 Likes
2 Bookmarks
0 Replies
0 Quotes
Critical Cacti #Security #Flaw (#CVE-2025-22604) Enables Remote Code Execution https://t.co/UgDzV6K1BW
@ScyScan
29 Jan 2025
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical Cacti Security Flaw (CVE-2025-22604) Enables Remote Code Execution https://t.co/0YlxMKJpKz https://t.co/2Vf6GlySNm
@talentxfactor
29 Jan 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ A critical flaw (CVE-2025-22604) in Cacti could lead to remote code execution. If exploited, authenticated attackers could steal or manipulate sensitive data. Patch to version 1.2.29 to fix this flaw and protect your systems. Learn more: https://t.co/IrfhOjxOaZ
@TheHackersNews
29 Jan 2025
10074 Impressions
40 Retweets
86 Likes
7 Bookmarks
2 Replies
0 Quotes
CVE-2025-22604: Critical Vulnerability in Cacti - Remote Code Execution https://t.co/RlwQSH2pme
@cyberwebeyeos
29 Jan 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical Cacti Vulnerability Let Attackers Code Remotely – PoC Released https://t.co/pcwuyZYzf4 The widely used open-source network monitoring tool, Cacti, identified a critical vulnerability. The flaw, tracked as CVE-2025-22604 has a CVSS score of 9.1, indicating high severit…
@f1tym1
29 Jan 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A critical security vulnerability in the Cacti performance monitoring framework, identified as CVE-2025-22604, enables authenticated users to execute arbitrary code on servers by exploiting a flaw in SNMP response parsing. With a CVSS score of 10, organizations using vulnerabl...
@CybrPulse
29 Jan 2025
48 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2025-22604 (CVSS 9.1): Remote Code Execution Flaw in Cacti, PoC Released https://t.co/FBeQDTHA9P
@the_yellow_fall
29 Jan 2025
484 Impressions
4 Retweets
11 Likes
1 Bookmark
0 Replies
0 Quotes
[CVE-2025-22604: CRITICAL] Critical flaw in Cacti's SNMP result parser fixed in version 1.2.29. Authenticated users could inject OIDs causing command execution. Update now for improved cyber security.#cybersecurity,#vulnerability https://t.co/y4Q4MPuQKt https://t.co/jClmuE3jP7
@CveFindCom
27 Jan 2025
35 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-22604 Cacti is an open source performance and fault management framework. Due to a flaw in multi-line SNMP result parser, authenticated users can inject malformed OIDs in t… https://t.co/JRWR9cXILX
@CVEnew
27 Jan 2025
244 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes