Cyber Resilience

CVE-2025-22604

Critical · Public PoC · RCE

Published: 27 January 2025
Modified: 03 November 2025
KEV: not listed
Patch: available
CVSS v3.1 score: 9.1 (vector CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)
EPSS score: 0.7007 (98.7th percentile)
Risk priority: 60 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-22604 is a critical-severity OS Command Injection (CWE-78) vulnerability in Cacti (vendor: Cacti). Its CVSS base score is 9.1 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked in the top 1.3% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

Cacti, an open source performance and fault management framework, is affected by CVE-2025-22604, a command injection flaw stemming from improper handling in its multi-line SNMP result parser. Authenticated users can supply malformed OIDs that are processed by the functions ss_net_snmp_disk_io() or ss_net_snmp_disk_bytes(), allowing portions of each OID to serve as array keys incorporated directly into system commands. The issue is tracked under CWE-78 and carries a CVSS 3.1 score of 9.1.

An attacker with valid credentials can exploit the vulnerability over the network to execute arbitrary commands on the affected system, resulting in full compromise of confidentiality, integrity, and availability. The attack requires high privileges but no user interaction and changes scope, enabling the injected commands to affect components beyond the initial process.

The vulnerability is fixed in Cacti 1.2.29. The project has published a corresponding commit and security advisory, while Debian has released updates via its LTS announcement channels to address affected packages. The current EPSS score of 0.7007, with a recorded peak of 0.7221, indicates sustained exploitation interest following disclosure.


Vulnerability details

Cacti is an open source performance and fault management framework. Due to a flaw in the multi-line SNMP result parser, authenticated users can inject malformed OIDs in the response. When processed by ss_net_snmp_disk_io() or ss_net_snmp_disk_bytes(), a part of each OID will be used as a key in an array that is used as part of a system command, causing a command execution vulnerability. This vulnerability is fixed in 1.2.29.
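The mechanism described in the analysis and in the vulnerability details above is a parser that lets fragments of attacker-supplied SNMP output become array keys that are later concatenated into a shell command. The following PHP is an added illustration written for this page; it is not Cacti's code and does not reproduce ss_net_snmp_disk_io() or ss_net_snmp_disk_bytes(). It shows the defensive shape such a parser needs: every OID is checked against a strict dotted-numeric pattern before it can become a key, rejected lines are reported, and any key that does reach a command string is additionally shell-quoted. The sample SNMP lines, the helper names and the snmpget invocation are constructed for the example.

```php
<?php
// Added illustration, not Cacti's code: validate OIDs from multi-line SNMP
// output before any part of them can be used as an array key that later
// ends up inside a system command.

/** Accept only dotted numeric OIDs such as .1.3.6.1.2.1.25.2.3.1.3.1 */
function is_valid_oid(string $oid): bool
{
    return preg_match('/^\.?\d+(\.\d+)*$/', $oid) === 1;
}

/**
 * Parse "OID = value" lines as returned by an SNMP walk.
 * Lines whose OID fails validation are not used as array keys; they are
 * collected in $rejected so the caller can log them.
 */
function parse_snmp_lines(string $raw, array &$rejected): array
{
    $result = [];
    foreach (preg_split('/\r?\n/', $raw) as $line) {
        if (trim($line) === '') {
            continue;
        }
        $parts = explode('=', $line, 2);
        if (count($parts) !== 2) {
            $rejected[] = $line;
            continue;
        }
        $oid = trim($parts[0]);
        if (!is_valid_oid($oid)) {
            // Unsafe pattern this replaces: using $oid as a key with no check,
            // then building $cmd = '... ' . $oid . ' ...' from that key.
            $rejected[] = $line;
            continue;
        }
        $result[$oid] = trim($parts[1]);
    }
    return $result;
}

// Constructed sample output: two well-formed lines and one malformed OID.
$sample = ".1.3.6.1.2.1.25.2.3.1.3.1 = STRING: /\n"
        . ".1.3.6.1.2.1.25.2.3.1.3.2 = STRING: /boot\n"
        . "not-an-oid = STRING: bogus\n";

$rejected = [];
$table = parse_snmp_lines($sample, $rejected);

// Only validated keys are interpolated, and each is shell-quoted as a second
// line of defence. The command is built and printed here, not executed.
$host = 'monitored-host.example';   // constructed placeholder
foreach ($table as $oid => $value) {
    $cmd = 'snmpget -Oqv -v2c -c public ' . escapeshellarg($host) . ' ' . escapeshellarg($oid);
    echo $cmd, PHP_EOL;
}
fprintf(STDERR, "rejected %d line(s)\n", count($rejected));
```

Run with `php validate_oids.php` (any filename): the two numeric OIDs produce quoted snmpget commands, while the malformed line is counted as rejected and never reaches the command string. The regular expression is the control that matters; escapeshellarg() is kept as defence in depth for the case where a key is later passed to a shell by some other path.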


Related Threats

MITRE ATT&CK Enterprise Techniques (AI-assigned)

- T1190 Exploit Public-Facing Application (Initial Access): adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
- T1059.004 Unix Shell (Execution): adversaries may abuse Unix shell commands and scripts for execution.
Why these techniques?

Command injection vulnerability in Cacti web app enables exploitation of public-facing application for initial access and arbitrary system command execution via Unix shell.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

- CVE-2005-10004 (same product: Cacti)
- CVE-2025-26520 (same product: Cacti)
- CVE-2024-54146 (same product: Cacti)
- CVE-2025-66399 (same product: Cacti)
- CVE-2024-54145 (same product: Cacti)
- CVE-2025-24367 (same product: Cacti)
- CVE-2025-24368 (same product: Cacti)
- CVE-2026-42454 (shared CWE-78)
- CVE-2026-34796 (shared CWE-78)
- CVE-2024-57016 (shared CWE-78)

Affected Assets

cacti (vendor: cacti), versions ≤ 1.2.29

Mitigating Controls (NIST 800-53 r5, AI-assigned)

- prevent, SI-2 (Flaw Remediation): directly mandates identification, reporting, and correction of the command injection flaw in Cacti via timely patching to version 1.2.29.
- prevent, SI-10 (Information Input Validation): requires validation of SNMP OID inputs to prevent malformed OIDs from being processed into system commands by ss_net_snmp_disk_io() or ss_net_snmp_disk_bytes().
- prevent: enforces least privilege for authenticated high-privilege users, limiting the scope and impact of command execution even if malformed OIDs are injected.
