Critical Vulnerabilities in Cacti

Published on 28 May 2024

Cacti has released security updates addressing critical vulnerabilities in its products.

The vulnerabilities are:
  • CVE-2024-29895: Successful exploitation of this vulnerability could allow an unauthenticated attacker to perform remote code execution. The vulnerability has a maximum Common Vulnerability Scoring System (CVSSv3.1) score of 10 out of 10.
  • CVE-2024-25641: Successful exploitation of this vulnerability could allow an authenticated attacker with the "import templates" permission to write arbitrary files or execute malicious PHP code on an affected server. The vulnerability has a CVSSv3.1 score of 9.1 out of 10.
  • CVE-2024-34340: Successful exploitation of this vulnerability could allow an attacker to bypass authentication and gain access to an affected server. The vulnerability has a CVSSv3.1 score of 9.1 out of 10.

The critical vulnerabilities affect versions of Cacti prior to 1.2.27.

Users and administrators of affected product versions are advised to update to the latest version immediately.

More information is available here: