VYPR
Unrated severityNVD Advisory· Published Jan 27, 2025· Updated Nov 3, 2025

Cacti allows Arbitrary File Creation leading to RCE

CVE-2025-24367

Description

Cacti is an open source performance and fault management framework. An authenticated Cacti user can abuse graph creation and graph template functionality to create arbitrary PHP scripts in the web root of the application, leading to remote code execution on the server. This vulnerability is fixed in 1.2.29.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.