CVE-2005-10004
Published: 30 August 2025
Summary
CVE-2005-10004 is a high-severity OS Command Injection (CWE-78) vulnerability in Cacti. Its CVSS base score is 8.8 (High).
Operationally, it ranks in the top 2.0% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Directly mitigates the vulnerability by requiring timely remediation through patching or upgrading Cacti to version 0.8.6-d or later where the command injection flaw is fixed.
Prevents OS command injection by enforcing validation and sanitization of the graph_start GET parameter in the graph_view.php script before processing.
Limits damage from successful RCE exploitation by enforcing least privilege on the web server process executing the injected commands.
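One way to apply the input-validation control retrospectively is to scan web server access logs for graph_view.php requests whose graph_start value is not a plain integer. This is an added example, not code from Cacti or from this page's references; the combined log format, the signed-integer allow-list for graph_start, and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: a legitimate graph_start is a signed integer (a Unix timestamp
# or a relative offset in seconds). Anything else is reported.
SAFE_GRAPH_START = re.compile(r"-?[0-9]{1,12}")

# Request line inside a combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')

def suspicious_graph_start(log_line):
    """Return decoded graph_start values that fail the allow-list, else []."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group("target"))
    # Only the script named in the advisory is inspected.
    if not url.path.endswith("/graph_view.php"):
        return []
    # parse_qs percent-decodes, so encoded metacharacters are seen in the clear.
    values = parse_qs(url.query, keep_blank_values=True).get("graph_start", [])
    # fullmatch rejects trailing newlines and any non-digit suffix.
    return [v for v in values if not SAFE_GRAPH_START.fullmatch(v)]

def scan(lines):
    """Return (line_number, offending_values) for every flagged log line."""
    hits = []
    for number, line in enumerate(lines, 1):
        bad = suspicious_graph_start(line)
        if bad:
            hits.append((number, bad))
    return hits

# Constructed sample entries (documentation addresses, placeholder values).
SAMPLE_LOG = [
    '192.0.2.10 - alice [30/Aug/2025:10:00:01 +0000] '
    '"GET /cacti/graph_view.php?graph_start=-86400 HTTP/1.1" 200 5120',
    '192.0.2.44 - bob [30/Aug/2025:10:02:17 +0000] '
    '"GET /cacti/graph_view.php?graph_start=1756548000%3BCONSTRUCTED HTTP/1.1" 200 812',
    '192.0.2.44 - bob [30/Aug/2025:10:02:40 +0000] '
    '"GET /cacti/index.php?graph_start=abc HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for number, values in scan(SAMPLE_LOG):
        print(f"line {number}: non-numeric graph_start {values!r}")
```

A hit identifies the authenticated account and source address to review; it does not replace upgrading to 0.8.6-d or later.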
NVD Description
Cacti versions prior to 0.8.6-d contain a remote command execution vulnerability in the graph_view.php script. An authenticated user can inject arbitrary shell commands via the graph_start GET parameter, which is improperly handled during graph rendering. This flaw allows attackers to execute commands on the underlying operating system with the privileges of the web server process, potentially compromising system integrity.
Deeper analysis
Cacti versions prior to 0.8.6-d are affected by a remote command execution vulnerability in the graph_view.php script, classified under CWE-78 (OS Command Injection). The issue stems from improper handling of the graph_start GET parameter during graph rendering, allowing injection of arbitrary shell commands. This flaw carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for confidentiality, integrity, and availability impacts.
An authenticated user with low privileges (PR:L) can exploit this vulnerability remotely over the network with low complexity and no user interaction required. Successful exploitation enables execution of arbitrary commands on the underlying operating system under the privileges of the web server process, potentially leading to full system compromise and integrity violations.
References point to mitigation through upgrading to Cacti version 0.8.6-d or later, as indicated by official download pages. Public exploits are available, including a Metasploit module for unix/webapp/cacti_graphimage_exec and entries on Exploit-DB (e.g., 16881 and 9911), confirming active exploitation vectors.
This vulnerability, despite its 2005-era origins, received a CVE assignment in 2025, highlighting ongoing risks in legacy Cacti deployments with documented real-world exploits.
Details
- CWE(s)