CVE-2025-66399 — Command Injection in Cacti
Severity: 7.4 HIGH (NVD)
EPSS: 0.5% (top 36.09%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline: Published Dec 2
Description
Cacti is an open source performance and fault management framework. Prior to 1.2.29, there is an input-validation flaw in the SNMP device configuration functionality. An authenticated Cacti user can supply crafted SNMP community strings containing control characters (including newlines) that are accepted, stored verbatim in the database, and later embedded into backend SNMP operations. In environments where downstream SNMP tooling or wrappers interpret newline-separated tokens as command boundar…
CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected packages: 4
Vulnerability details
Detection rules (2)
Suricata (1): ET WEB_SPECIFIC_APPS Cacti host.php snmp_community Parameter Command Injection Attempt (CVE-2025-66399), 2025-12-02
Vendor advisories (1)
Debian: CVE-2025-66399: cacti - Cacti is an open source performance and fault management framework. Prior to 1.2... (2025)