Security Advisory

CVE-2025-22604

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-01-27 17:06:58

Last updated 2025-11-03 21:00:09

Assigner GitHub_M

State PUBLISHED

Description

Cacti is an open source performance and fault management framework. Due to a flaw in multi-line SNMP result parser, authenticated users can inject malformed OIDs in the response. When processed by ss_net_snmp_disk_io() or ss_net_snmp_disk_bytes(), a part of each OID will be used as a key in an array that is used as part of a system command, causing a command execution vulnerability. This vulnerability is fixed in 1.2.29.

← Browse all CVEs View on cve.org ↗