Security News > 2025 > January > Critical Cacti Security Flaw (CVE-2025-22604) Enables Remote Code Execution
2025-01-29 10:21
A critical security flaw has been disclosed in the Cacti open-source network monitoring and fault management framework that could allow an authenticated attacker to achieve remote code execution on susceptible instances. The flaw, tracked as CVE-2025-22604, carries a CVSS score of 9.1 out of a maximum of 10.0. "Due to a flaw in the multi-line SNMP result parser, authenticated users can inject
News URL
https://thehackernews.com/2025/01/critical-cacti-security-flaw-cve-2025.html
Related news
- Critical RCE Flaw in GFI KerioControl Allows Remote Code Execution via CRLF Injection (source)
- The ongoing evolution of the CIS Critical Security Controls (source)
- Rsync vulnerabilities allow remote code execution on servers, patch quickly! (source)
- SonicWall Urges Immediate Patch for Critical CVE-2025-23006 Flaw Amid Likely Exploitation (source)
- Meta's Llama Framework Flaw Exposes AI Systems to Remote Code Execution Risks (source)
- Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891) (source)
- Google Patches 47 Android Security Flaws, Including Actively Exploited CVE-2024-53104 (source)
- Don't Overlook These 6 Critical Okta Security Configurations (source)
- New “whoAMI” Attack Exploits AWS AMI Name Confusion for Remote Code Execution (source)
- Critical flaws in Mongoose library expose MongoDB to data thieves, code execution (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-27 | CVE-2025-22604 | Cacti is an open source performance and fault management framework. | 0.0 |