AI description
CVE-2025-24367 is a remote code execution (RCE) vulnerability in Cacti, an open-source performance and fault management framework. It allows an authenticated Cacti user to create arbitrary PHP scripts inside the application's web root. The root cause is improper input validation and neutralization in Cacti's graph creation and graph template functionality: the application does not adequately restrict file paths or sanitize user-controlled input, in particular newline characters, when it passes that input to the RRDtool binary. An attacker with a valid account can abuse the graph template system to write PHP files into web-accessible directories and then execute them. The issue is fixed in Cacti version 1.2.29.
- Description: Cacti is an open source performance and fault management framework. An authenticated Cacti user can abuse graph creation and graph template functionality to create arbitrary PHP scripts in the web root of the application, leading to remote code execution on the server. This vulnerability is fixed in 1.2.29.
- Source: security-advisories@github.com
- NVD status: Modified
- Products: cacti
CVSS 4.0
- Type: Secondary
- Base score: 8.7
- Impact score: not provided
- Exploitability score: not provided
- Vector string: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity: HIGH
CVSS 3.1
- Type: Primary
- Base score: 8.8
- Impact score: 5.9
- Exploitability score: 2.8
- Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity: HIGH
Weakness enumeration
- security-advisories@github.com: CWE-144
- nvd@nist.gov: NVD-CWE-Other
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score: 1
This was actually an easier box which was based on two CVEs. One was Cacti rev shell CVE-2025-24367, while the other one was to escape the docker into host CVE-2025-9074. Learned how to escape docker and how to pragmatically use publicly available PoCs. https://t.co/zbOiTsccbe
@codewithpike
25 May 2026
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
MonitorsFour Pwned MonitorsFour features information disclosure via a vulnerable API endpoint to extract credentials from a .env file, exploitation of Cacti 1.2.28 using CVE-2025-24367 for remote code execution Writeup: https://t.co/p1Mp78oA4X https://t.co/Hw3PQonG7d
@T4T4R1S
24 May 2026
319 Impressions
0 Retweets
2 Likes
1 Bookmark
0 Replies
0 Quotes
MonitorsFour from @hackthebox_eu features PHP type juggling to dump users, CVE-2025-24367 for RCE in Cacti, and CVE-2025-9074 to abuse the Docker Desktop API and mount the Windows host drive for root. Beyond Root: a shell on Windows. https://t.co/DtjU6qwqjB
@0xdf_
23 May 2026
3498 Impressions
10 Retweets
58 Likes
20 Bookmarks
3 Replies
1 Quote
[HIGH] CVE-2025-24367 in Cacti Affects Multiple Versions High severity vulnerability in Cacti allows unauthorized access; patches available. CVE: CVE-2025-24367 • APT: N/A • Status: ACTIVE Immediate patching required to prevent exploit… https://t.co/nlkqH3JjM6
@MysocAi
24 Feb 2026
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔶 [HIGH] CVE-2025-24367: High Severity Vulnerability in Cacti Affects Multiple Products CVE-2025-24367 (CVSS… 🔴 CVE: CVE-2025-24367 🕵️ APT: N/A ⚡ Status: ACTIVE EXPLOITATION 🎯 MITRE: Initial Access, Execution ⚔️ High likelihood of exploitation; patch urgent
@MysocAi
24 Feb 2026
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔶 [HIGH] CVE-2025-24367: High Severity Vulnerability in Cacti CVE-2025-24367 (CVSS… 🔴 CVE: CVE-2025-24367 🕵️ APT: N/A ⚡ Status: ACTIVE 🎯 MITRE: Initial Access, Privilege Escalation ⚔️ Immediate patching required to prevent exploitation. 🔗 https://t.co/1r
@MysocAi
24 Feb 2026
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🎯 @hackthebox_eu machine #MonitorsFour [Easy] — Windows Box Pwned IDOR → creds leak Cacti RCE (CVE-2025-24367) → RCE Unauth Docker API → root PoC: https://t.co/AYVMZ06EyJ Chained misconfigs = full compromise. 💥 #Cybersecurity #OffensiveSecurity #HackTheBox #CTF
@sakibulalikhan
16 Feb 2026
71 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-24367 Authenticated RCE via Graph Templates (Cacti) ⚠️ Only for educational purposes & ethical hacking 👍 Like, comment & share if this helped! #CyberSecurity #EthicalHacking #CVE #Exploit #PoC #RedTeam #BugBounty #Infosec #Pentesting #OSCP https://t.c
@r0otk3r
3 Jan 2026
118 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
[CVE-2025-24367: HIGH] Cacti vulnerability alert: Authenticated users could exploit graph creation & templates to execute code remotely. Upgrade to version 1.2.29 for a fix. #CyberSecurity #cybersecurity #vulnerability https://t.co/x6hUnCV0rO https://t.co/7QlVfYset5
@CveFindCom
27 Jan 2025
32 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-24367 Cacti is an open source performance and fault management framework. An authenticated Cacti user can abuse graph creation and graph template functionality to create ar… https://t.co/DhP0HbxlZc
@CVEnew
27 Jan 2025
280 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cacti:cacti:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "C0B80A90-97E0-49C0-A780-695E17B0568C",
            "versionEndExcluding": "1.2.29",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]