Security News > 2025 > January > Critical Cacti Security Flaw (CVE-2025-22604) Enables Remote Code Execution
2025-01-29 10:21
A critical security flaw has been disclosed in the Cacti open-source network monitoring and fault management framework that could allow an authenticated attacker to achieve remote code execution on susceptible instances. The flaw, tracked as CVE-2025-22604, carries a CVSS score of 9.1 out of a maximum of 10.0. "Due to a flaw in the multi-line SNMP result parser, authenticated users can inject
News URL
https://thehackernews.com/2025/01/critical-cacti-security-flaw-cve-2025.html
Related news
- Still Using an Older Version of iOS or iPadOS? Update Now to Patch These Critical Security Vulnerabilities (source)
- Critical Flaw in Apache Parquet Allows Remote Attackers to Execute Arbitrary Code (source)
- Why remote work is a security minefield (and what you can do about it) (source)
- ActiveX blocked by default in Microsoft 365 because remote code execution is bad, OK? (source)
- MITRE warns that funding for critical CVE program expires today (source)
- CISA extends funding to ensure 'no lapse in critical CVE services' (source)
- Critical Erlang/OTP SSH Vulnerability (CVSS 10.0) Allows Unauthenticated Code Execution (source)
- PoC exploit for critical Erlang/OTP SSH bug is public (CVE-2025-32433) (source)
- Critical Commvault RCE vulnerability fixed, PoC available (CVE-2025-34028) (source)
- Critical SAP NetWeaver flaw exploited by suspected initial access broker (CVE-2025-31324) (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-27 | CVE-2025-22604 | OS Command Injection vulnerability in Cacti Cacti is an open source performance and fault management framework. | 7.2 |