- Description: Cacti is an open source performance and fault management framework. An authenticated Cacti user can abuse graph creation and graph template functionality to create arbitrary PHP scripts in the web root of the application, leading to remote code execution on the server. This vulnerability is fixed in 1.2.29.
- Source: security-advisories@github.com
- NVD status: Modified
- Products: cacti
CVSS 4.0
- Type: Secondary
- Base score: 8.7
- Impact score: -
- Exploitability score: -
- Vector string: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity: HIGH
CVSS 3.1
- Type: Primary
- Base score: 8.8
- Impact score: 5.9
- Exploitability score: 2.8
- Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity: HIGH
- security-advisories@github.com: CWE-144
- nvd@nist.gov: NVD-CWE-Other
[HIGH] CVE-2025-24367 in Cacti Affects Multiple Versions High severity vulnerability in Cacti allows unauthorized access; patches available. CVE: CVE-2025-24367 • APT: N/A • Status: ACTIVE Immediate patching required to prevent exploit… https://t.co/nlkqH3JjM6
@MysocAi
24 Feb 2026
🔶 [HIGH] CVE-2025-24367: High Severity Vulnerability in Cacti Affects Multiple Products CVE-2025-24367 (CVSS… 🔴 CVE: CVE-2025-24367 🕵️ APT: N/A ⚡ Status: ACTIVE EXPLOITATION 🎯 MITRE: Initial Access, Execution ⚔️ High likelihood of exploitation; patch urgent
@MysocAi
24 Feb 2026
🔶 [HIGH] CVE-2025-24367: High Severity Vulnerability in Cacti CVE-2025-24367 (CVSS… 🔴 CVE: CVE-2025-24367 🕵️ APT: N/A ⚡ Status: ACTIVE 🎯 MITRE: Initial Access, Privilege Escalation ⚔️ Immediate patching required to prevent exploitation. 🔗 https://t.co/1r
@MysocAi
24 Feb 2026
🎯 @hackthebox_eu machine #MonitorsFour [Easy] — Windows Box Pwned IDOR → creds leak Cacti RCE (CVE-2025-24367) → RCE Unauth Docker API → root PoC: https://t.co/AYVMZ06EyJ Chained misconfigs = full compromise. 💥 #Cybersecurity #OffensiveSecurity #HackTheBox #CTF
@sakibulalikhan
16 Feb 2026
🚨 CVE-2025-24367 Authenticated RCE via Graph Templates (Cacti) ⚠️ Only for educational purposes & ethical hacking 👍 Like, comment & share if this helped! #CyberSecurity #EthicalHacking #CVE #Exploit #PoC #RedTeam #BugBounty #Infosec #Pentesting #OSCP https://t.c
@r0otk3r
3 Jan 2026
[CVE-2025-24367: HIGH] Cacti vulnerability alert: Authenticated users could exploit graph creation & templates to execute code remotely. Upgrade to version 1.2.29 for a fix. #CyberSecurity #cybersecurity, #vulnerability https://t.co/x6hUnCV0rO https://t.co/7QlVfYset5
@CveFindCom
27 Jan 2025
CVE-2025-24367 Cacti is an open source performance and fault management framework. An authenticated Cacti user can abuse graph creation and graph template functionality to create ar… https://t.co/DhP0HbxlZc
@CVEnew
27 Jan 2025
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cacti:cacti:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "C0B80A90-97E0-49C0-A780-695E17B0568C",
            "versionEndExcluding": "1.2.29",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]