Fluid Attacks Database

Description

Cacti is an open source performance and fault management framework. Due to a flaw in multi-line SNMP result parser, authenticated users can inject malformed OIDs in the response. When processed by ss_net_snmp_disk_io() or ss_net_snmp_disk_bytes(), a part of each OID will be used as a key in an array that is used as part of a system command, causing a command execution vulnerability. This vulnerability is fixed in 1.2.29.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	cacti	=1.2.24+ds1-1 \|\| =1.2.24+ds1-1+deb12u1 \|\| =1.2.24+ds1-1+deb12u2 \|\| =1.2.24+ds1-1+deb12u3 \|\| =1.2.24+ds1-1+deb12u4 \|\| >=0 <1.2.24+ds1-1+deb12u5	1.2.24+ds1-1+deb12u5
debian 13	cacti	>=0 <1.2.28+ds1-4	1.2.28+ds1-4
debian 11	cacti	=1.2.16+ds1-2 \|\| =1.2.16+ds1-2+deb11u1 \|\| =1.2.16+ds1-2+deb11u2 \|\| =1.2.16+ds1-2+deb11u3 \|\| =1.2.16+ds1-2+deb11u4 \|\| >=0 <1.2.16+ds1-2+deb11u5	1.2.16+ds1-2+deb11u5
debian 14	cacti	>=0 <1.2.28+ds1-4	1.2.28+ds1-4

Aliases

1. CVE-2025-226042. NVD-2025-226043. OSV-DEBIAN-2025-226044. OSV-2025-226045. SECURITY-TRACKER-CVE-2025-22604

References

1. https://github.com/ishwardeepp/CVE-2025-22604-Cacti-RCE

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.