Exploit for #VU90703 Code Injection in Cacti

Vulnerability identifier: #VU90703

Vulnerability risk: Low

CVSSv4.0: 8.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Clear]

CVE-ID: CVE-2024-25641

CWE-ID: CWE-94

Exploitation vector: Network

Exploits in database: 8

• March 18, 2025
  • CVE-2024-25641-Exploit-for-Cacti-1.2.26 () [Github]
• January 10, 2025
  • CVE-2024-25641 (POC exploit for CVE-2024-25641) [Github]
• December 13, 2024
  • cve-2024-25641-poc [Github]
• August 30, 2024
  • CVE-2024-25641 (This repository automates the process of exploiting CVE-2024-25641 on Cacti 1.2.26) [Github]
  • CVE-2024-25641-RCE-Automated-Exploit-Cacti-1.2.26 (CVE-2024-25641 - RCE Automated Exploit - Cacti 1.2.26) [Github]
  • CVE-2024-25641-CACTI-RCE-1.2.26 [Github]
  • CVE-2024-25641 (PoC for CVE-2024-25641 Authenticated RCE on Cacti v1.2.26) [Github]
• June 13, 2024
  • Cacti Import Packages RCE [Metasploit]

Vulnerable software:
Cacti
Web applications / Other software

Vendor: The Cacti Group, Inc.