DEBIAN-CVE-2025-24367
PUBLISHED
CVSS 8.8 HIGH
Cacti is an open source performance and fault management framework. An authenticated Cacti user can abuse graph creation and graph template functionality to create arbitrary PHP scripts in the web root of the application, leading to remote code execution on the server. This vulnerability is fixed in 1.2.29.
Risk Scores
CVSS 3.1
8.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:13 | cacti | 0, 0 |
| Debian:12 | cacti | 1.2.24+ds1-1+deb12u2, 1.2.24+ds1-1+deb12u3, 1.2.24+ds1-1+deb12u4 |
| Debian:11 | cacti | 0, 1.2.16+ds1-2, 1.2.16+ds1-2+deb11u1 |
| Debian:14 | cacti | 0 |
Exploit Intelligence
- CVE-2025-24367 - Cacti Authenticated Graph Template RCE (github-poc)
- CVE-2025-24367: Cacti AuthN Graph Template RCE in posix sh (github-poc-repo)
- ShoshinMaster/CVE-2025-24367 (github-poc-repo)
- Script written to obtain a webshell via the Cacti vulnerability CVE-2025-24367 in version 1.2.28. (github-poc-repo)
- Script written to obtain a webshell via the Cacti vulnerability CVE-2025-24367 in version 1.2.28. (github-poc)
- ShoshinMaster/CVE-2025-24367 (github-poc)
- CVE-2025-24367: Cacti AuthN Graph Template RCE in posix sh (github-poc)
- Authenticated RCE PoC for Cacti (CVE-2025-24367). Uses graph template injection to write and execute a payload via the “Unix – Logged in Users” template. Intended for labs and controlled testing only. (github-poc)
- CVE-2025-24367 - Cacti Authenticated Graph Template RCE (github-poc)
- Proof of Concept for CVE-2025-24367 (github-poc)
…and 2 more exploits
Timeline
- Jan 27, 2025 CVE Published
- May 10, 2026 CVE Updated