VDB
WID-SEC-W-2025-0190
WID-SEC-W-2025-0190
PUBLISHED
Cacti ist ein grafisches Frontend zur Visualisierung von statistischen Daten, erfasst durch die Round Robin Database rrdtool.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian Linux | ||
| Open Source Cacti 1.2.29 | ||
| Open Source Cacti <1.2.29 |
Exploit Intelligence
- CVE-2025-24367 - Cacti Authenticated Graph Template RCE (github-poc)
- CVE-2025-24367: Cacti AuthN Graph Template RCE in posix sh (github-poc-repo)
- ShoshinMaster/CVE-2025-24367 (github-poc-repo)
- Script hecho para obtener una webshell gracias a la vulnerabilidad de cacti CVE-2025-24367 en su versión 1.2.28. (github-poc-repo)
- Script hecho para obtener una webshell gracias a la vulnerabilidad de cacti CVE-2025-24367 en su versión 1.2.28. (github-poc)
- ShoshinMaster/CVE-2025-24367 (github-poc)
- CVE-2025-24367: Cacti AuthN Graph Template RCE in posix sh (github-poc)
- Authenticated RCE PoC for Cacti (CVE‑2025‑24367). Uses graph template injection to write and execute a payload via the “Unix – Logged in Users” template. Intended for labs and controlled testing only. (github-poc)
- CVE-2025-24367 - Cacti Authenticated Graph Template RCE (github-poc)
- Proof of Concept for CVE-2025-24367 (github-poc)
…and 13 more exploits
Timeline
- Jan 26, 2025 CVE Published
- Feb 11, 2025 CVE Updated
References
- https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0190.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0190 advisory
- https://github.com/Cacti/cacti/security/advisories/GHSA-c5j8-jxj3-hh36 url
- https://github.com/Cacti/cacti/security/advisories/GHSA-f9c7-7rc3-574c url
- https://github.com/Cacti/cacti/security/advisories/GHSA-fh3x-69rr-qqpp url
- https://github.com/Cacti/cacti/security/advisories/GHSA-fxrq-fr7h-9rqq url
- https://github.com/Cacti/cacti/security/advisories/GHSA-pv2c-97pp-vxwg url
- https://github.com/Cacti/cacti/security/advisories/GHSA-vj9g-p7f2-4wqj url
- https://lists.debian.org/debian-security-announce/2025/msg00024.html url
- https://lists.debian.org/debian-lts-announce/2025/02/msg00010.html url