CVE-2025-22604 — CRITICAL (9.1)

Q: How severe is CVE-2025-22604?

CVE-2025-22604 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2025-22604?

Check the references section above for vendor advisories and patch information. Affected products include: Cacti Cacti.

Vulnerability Description

Cacti is an open source performance and fault management framework. Due to a flaw in multi-line SNMP result parser, authenticated users can inject malformed OIDs in the response. When processed by ss_net_snmp_disk_io() or ss_net_snmp_disk_bytes(), a part of each OID will be used as a key in an array that is used as part of a system command, causing a command execution vulnerability. This vulnerability is fixed in 1.2.29.

CVSS Score

9.1

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Cacti	Cacti	< 1.2.29

Related Weaknesses (CWE)

CWE-78

References

FAQ

What is CVE-2025-22604?

CVE-2025-22604 is a vulnerability with a CVSS score of 9.1 (CRITICAL). Cacti is an open source performance and fault management framework. Due to a flaw in multi-line SNMP result parser, authenticated users can inject malformed OIDs in the response. When processed by ss_...

How severe is CVE-2025-22604?

CVE-2025-22604 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2025-22604?

Check the references section above for vendor advisories and patch information. Affected products include: Cacti Cacti.