Critical Cacti Vulnerability Let Attackers Code Remotely – PoC Released
- From: Vulnerability (cybersecuritynews.com)
Author: Kaaviya Ragupathy
A critical vulnerability has been identified in Cacti, the widely used open-source network monitoring tool. The flaw, tracked as CVE-2025-22604, has a CVSS score of 9.1, indicating high severity.
It allows authenticated users with device management permissions to execute arbitrary commands on the server, posing significant risks to data integrity and system security.
Cacti RCE Vulnerability
According to security researcher u32i, the vulnerability stems from a flaw in Cacti’s multi-line SNMP (Simple Network Management Protocol) result parser. Specifically, authenticated users can inject malformed Object Identifiers (OIDs) into SNMP responses.
These malformed OIDs are processed by functions such as ss_net_snmp_disk_io() and ss_net_snmp_disk_bytes(). During processing, parts of the OIDs are used as keys in an array that is later incorporated into a shell command. This improper handling creates an OS Command Injection vulnerability.
The issue originates in the cacti_snmp_walk() function, which uses exec_into_array() to execute commands and parse multi-line SNMP results into arrays. While the values are filtered during parsing, the OIDs themselves are not sanitized.
If a line lacks a valid OID, its content is appended to the previous OID’s value without filtering. This oversight enables attackers to craft malicious payloads.
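The weakness described above is a parser that trusts the OID half of each "OID = value" line while only filtering the value half, and then lets those OIDs reach a shell. The following is an added, simplified model written for this page; it is not Cacti's code and does not reproduce cacti_snmp_walk() or exec_into_array(). It assumes the common "OID = value" walk output format, treats a line without " = " as a continuation of the previous entry, and demonstrates the two defensive controls a reviewer would look for: rejecting any OID that is not purely numeric before it becomes an array key, and handing the keys to the subprocess as an argv list so shell metacharacters are never interpreted. The sample walk output, including the malformed OID, is constructed.

```python
import re
import subprocess
from typing import Dict, List, Tuple

# A numeric OID: optional leading dot, then dot-separated decimal arcs only.
OID_RE = re.compile(r"^\.?\d+(\.\d+)*$")

# Hypothetical value filter: strip anything outside a conservative character set.
# Mirrors the idea that values were filtered while OIDs were not.
VALUE_FILTER = re.compile(r"[^\w\s.:/-]")


def parse_snmp_walk(lines: List[str], strict: bool = True) -> Tuple[Dict[str, str], List[str]]:
    """Parse 'OID = value' lines into a dict keyed by OID.

    A line without ' = ' is a continuation of the previous entry and is appended
    to that entry's value after filtering. With strict=True, an entry whose OID
    is not purely numeric is dropped and reported instead of becoming a key.
    Returns (parsed_entries, rejected_oids).
    """
    result: Dict[str, str] = {}
    rejected: List[str] = []
    last_oid = None
    for raw in lines:
        line = raw.rstrip("\n")
        if not line.strip():
            continue
        if " = " in line:
            oid, _, value = line.partition(" = ")
            oid = oid.strip()
            if strict and not OID_RE.match(oid):
                rejected.append(oid)
                last_oid = None  # continuation lines must not attach to a rejected entry
                continue
            result[oid] = VALUE_FILTER.sub("", value.strip())
            last_oid = oid
        elif last_oid is not None:
            # Continuation line: filtered before it is appended, never raw.
            result[last_oid] += " " + VALUE_FILTER.sub("", line.strip())
    return result, rejected


def unsafe_command_string(oid_keys: List[str], tool: str = "/usr/bin/example-tool") -> str:
    """Anti-pattern, for comparison only: joining keys into one shell string.
    Any metacharacter inside a key survives into the command line."""
    return tool + " " + " ".join(oid_keys)


def build_disk_argv(oid_keys: List[str], tool: str = "/usr/bin/example-tool") -> List[str]:
    """Hardened form: an argv list for subprocess.run(..., shell=False).
    Each key is a single argument; the shell never sees it."""
    for key in oid_keys:
        if not OID_RE.match(key):
            raise ValueError(f"refusing non-numeric OID key: {key!r}")
    return [tool, *oid_keys]


# Constructed sample walk output (hypothetical tool name, constructed values).
# The 2021.13.15 subtree is the UCD-SNMP diskIO table; the third line is a
# deliberately malformed OID containing a shell metacharacter.
SAMPLE_WALK = [
    ".1.3.6.1.4.1.2021.13.15.1.1.2.1 = sda",
    ".1.3.6.1.4.1.2021.13.15.1.1.2.2 = sdb",
    "continued text for sdb",
    "1.3.6.1.4.1.2021.13.15.1.1.2.3;echo hi = sdc",
]


def demo() -> Tuple[List[str], List[str]]:
    """Run the parser strictly and show that only numeric OIDs reach argv."""
    parsed, rejected = parse_snmp_walk(SAMPLE_WALK, strict=True)
    argv = build_disk_argv(list(parsed))
    return argv, rejected


if __name__ == "__main__":
    argv, rejected = demo()
    print("argv:", argv)
    print("rejected OIDs:", rejected)
    # Execution is illustrative only; the tool path is hypothetical.
    try:
        subprocess.run(argv, check=False)
    except FileNotFoundError:
        print("example tool not present; argv shown above")
```

With strict=False the malformed OID becomes a key and unsafe_command_string() carries the ";echo hi" fragment verbatim, which is exactly the path the article describes; with strict=True it is reported in the rejected list and never reaches build_disk_argv(), and even a key that slipped through would be inert as a single argv element.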
Proof of Concept (PoC)
A proof-of-concept (PoC) exploit has been publicly released, demonstrating how attackers can leverage this vulnerability:
- Start an SNMP agent configured to send a crafted payload.
- Modify the “Local Linux Machine” device port in Cacti to point to the attacker’s SNMP agent.
- Add the “Net-SNMP – Combined SCSI Disk I/O” graph template to the device.
- Navigate to the graph tree, select “Local Linux Machine,” and click “view in real-time” for the “Combined SCSI Disk I/O” graph.
- The exploit allows attackers to inject commands via malformed OIDs, bypassing Cacti’s attempt to quote JSON-encoded data before passing it to a shell.
Proof-of-concept (PoC) exploit
Successful exploitation grants attackers the ability to:
- Execute arbitrary code on the server.
- Access, modify, or delete sensitive data.
- Compromise system integrity and availability.
This vulnerability is particularly dangerous because it requires only authenticated access with device management permissions, making it exploitable by malicious insiders or attackers who gain access credentials through phishing or other means.
Users are strongly advised to upgrade to version 1.2.29 or later, where this issue has been patched.
CVE-2025-22604 highlights the critical importance of input validation and secure coding practices in network management tools like Cacti.
Organizations using Cacti should act immediately to patch their systems and implement robust security measures to prevent exploitation of this vulnerability.