CVE-2025-24367
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-24367
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-24367.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-24367
- Aliases
-
- GHSA-fxrq-fr7h-9rqq
- Downstream
- Published
- 2025-01-27T17:12:40.174Z
- Modified
- 2025-12-02T08:01:41.651698Z
- Severity
-
- 8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- Cacti allows Arbitrary File Creation leading to RCE
- Details
-
Cacti is an open source performance and fault management framework. An authenticated Cacti user can abuse graph creation and graph template functionality to create arbitrary PHP scripts in the web root of the application, leading to remote code execution on the server. This vulnerability is fixed in 1.2.29.
- Database specific
{ "cna_assigner": "GitHub_M", "cwe_ids": [ "CWE-144" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/24xxx/CVE-2025-24367.json" }- References
-
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/24xxx/CVE-2025-24367.json
- https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0
- https://github.com/Cacti/cacti/security/advisories/GHSA-fxrq-fr7h-9rqq
- https://lists.debian.org/debian-lts-announce/2025/02/msg00010.html
- https://nvd.nist.gov/vuln/detail/CVE-2025-24367
Affected packages
Git / github.com/cacti/cacti
Affected ranges
- Type
- GIT
- Repo
- https://github.com/cacti/cacti
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
releaes/1.*
releaes/1.2.19
release/1.*
release/1.0.0
release/1.0.1
release/1.0.2
release/1.0.3
release/1.0.4
release/1.0.5
release/1.0.6
release/1.1.0
release/1.1.1
release/1.1.11
release/1.1.12
release/1.1.13
release/1.1.14
release/1.1.15
release/1.1.16
release/1.1.17
release/1.1.18
release/1.1.19
release/1.1.2
release/1.1.20
release/1.1.21
release/1.1.22
release/1.1.23
release/1.1.24
release/1.1.25
release/1.1.26
release/1.1.27
release/1.1.28
release/1.1.29
release/1.1.3
release/1.1.30
release/1.1.31
release/1.1.32
release/1.1.33
release/1.1.34
release/1.1.35
release/1.1.36
release/1.1.37
release/1.1.38
release/1.1.4
release/1.1.5
release/1.1.6
release/1.1.7
release/1.1.8
release/1.2.0
release/1.2.0-beta1
release/1.2.0-beta2
release/1.2.0-beta3
release/1.2.0-beta4
release/1.2.1
release/1.2.10
release/1.2.11
release/1.2.12
release/1.2.13
release/1.2.14
release/1.2.15
release/1.2.16
release/1.2.17
release/1.2.18
release/1.2.19
release/1.2.2
release/1.2.20
release/1.2.21
release/1.2.22
release/1.2.23
release/1.2.24
release/1.2.25
release/1.2.26
release/1.2.27
release/1.2.28
release/1.2.3
release/1.2.4
release/1.2.5
release/1.2.6
release/1.2.7
release/1.2.8
release/1.2.9