UBUNTU-CVE-2025-24367
- Source
- https://ubuntu.com/security/CVE-2025-24367
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-24367.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2025-24367
- Upstream
- Published
- 2025-01-27T18:15:00Z
- Modified
- 2025-10-24T05:18:08Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- 8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
Cacti is an open source performance and fault management framework. An authenticated Cacti user can abuse graph creation and graph template functionality to create arbitrary PHP scripts in the web root of the application, leading to remote code execution on the server. This vulnerability is fixed in 1.2.29.
- References
Affected packages
Ubuntu:24.04:LTS
cacti
Package
- Name
- cacti
- Purl
- pkg:deb/ubuntu/cacti@1.2.26+ds1-1ubuntu0.1?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ubuntu:25.04
cacti
Package
- Name
- cacti
- Purl
- pkg:deb/ubuntu/cacti@1.2.28+ds1-4ubuntu1?arch=source&distro=plucky
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1.*
1.2.27+ds1-2ubuntu1
1.2.28+ds1-2
1.2.28+ds1-2ubuntu1
1.2.28+ds1-3ubuntu1
1.2.28+ds1-4ubuntu1
Ubuntu:25.10
cacti
Package
- Name
- cacti
- Purl
- pkg:deb/ubuntu/cacti@1.2.30+ds1-1ubuntu1?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ubuntu:Pro:14.04:LTS
cacti
Package
- Name
- cacti
- Purl
- pkg:deb/ubuntu/cacti@0.8.8b+dfsg-5ubuntu0.2+esm2?arch=source&distro=esm-infra-legacy/trusty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
0.*
0.8.8b+dfsg-3
0.8.8b+dfsg-5
0.8.8b+dfsg-5ubuntu0.1
0.8.8b+dfsg-5ubuntu0.2
0.8.8b+dfsg-5ubuntu0.2+esm1
0.8.8b+dfsg-5ubuntu0.2+esm2
Ubuntu:Pro:16.04:LTS
cacti
Package
- Name
- cacti
- Purl
- pkg:deb/ubuntu/cacti@0.8.8f+ds1-4ubuntu4.16.04.2+esm2?arch=source&distro=esm-apps/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
0.*
0.8.8f+ds1-2
0.8.8f+ds1-3
0.8.8f+ds1-4
0.8.8f+ds1-4ubuntu1
0.8.8f+ds1-4ubuntu2
0.8.8f+ds1-4ubuntu3
0.8.8f+ds1-4ubuntu4
0.8.8f+ds1-4ubuntu4.16.04
0.8.8f+ds1-4ubuntu4.16.04.1
0.8.8f+ds1-4ubuntu4.16.04.2
0.8.8f+ds1-4ubuntu4.16.04.2+esm1
0.8.8f+ds1-4ubuntu4.16.04.2+esm2
Ubuntu:Pro:18.04:LTS
cacti
Package
- Name
- cacti
- Purl
- pkg:deb/ubuntu/cacti@1.1.38+ds1-1ubuntu0.1~esm4?arch=source&distro=esm-apps/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1.*
1.1.18+ds1-1
1.1.27+ds1-2
1.1.27+ds1-3
1.1.28+ds1-2
1.1.35+ds1-1
1.1.36+ds1-1
1.1.38+ds1-1
1.1.38+ds1-1ubuntu0.1~esm1
1.1.38+ds1-1ubuntu0.1~esm3
1.1.38+ds1-1ubuntu0.1~esm4
Ubuntu:Pro:20.04:LTS
cacti
Package
- Name
- cacti
- Purl
- pkg:deb/ubuntu/cacti@1.2.10+ds1-1ubuntu1.1+esm2?arch=source&distro=esm-apps/focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1.*
1.2.4+ds1-2ubuntu3
1.2.9+ds1-1ubuntu1
1.2.9+ds1-1ubuntu2
1.2.10+ds1-1ubuntu1
1.2.10+ds1-1ubuntu1+esm1
1.2.10+ds1-1ubuntu1.1
1.2.10+ds1-1ubuntu1.1+esm1
1.2.10+ds1-1ubuntu1.1+esm2
Ubuntu:Pro:22.04:LTS
cacti
Package
- Name
- cacti
- Purl
- pkg:deb/ubuntu/cacti@1.2.19+ds1-2ubuntu1.1+esm2?arch=source&distro=esm-apps/jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1.*
1.2.16+ds1-2ubuntu1
1.2.19+ds1-2ubuntu1
1.2.19+ds1-2ubuntu1+esm1
1.2.19+ds1-2ubuntu1.1
1.2.19+ds1-2ubuntu1.1+esm1
1.2.19+ds1-2ubuntu1.1+esm2