CVE-2025-66399
Published: 02 December 2025
Description
Cacti is an open source performance and fault management framework. Prior to 1.2.29, there is an input-validation flaw in the SNMP device configuration functionality. An authenticated Cacti user can supply crafted SNMP community strings containing control characters (including newlines) that are accepted, stored verbatim in the database, and later embedded into backend SNMP operations. In environments where downstream SNMP tooling or wrappers interpret newline-separated tokens as command boundaries, this can lead to unintended command execution with the privileges of the Cacti process. This vulnerability is fixed in 1.2.29.
Mitigating Controls (NIST 800-53 r5)
- Directly addresses the input-validation flaw by requiring validation mechanisms for SNMP community strings to prevent injection of control characters such as newlines.
- Ensures timely remediation of the known vulnerability through patching to version 1.2.29 or later, which fixes the input-validation issue.
- Limits the attack surface by enforcing least privilege, restricting low-privileged authenticated users from accessing SNMP device configuration functions.
Security Summary
CVE-2025-66399 is an input-validation vulnerability in the SNMP device configuration functionality of Cacti, an open source performance and fault management framework. Affecting versions prior to 1.2.29, the flaw allows an authenticated Cacti user to supply crafted SNMP community strings containing control characters, such as newlines. These inputs are accepted without sanitization, stored verbatim in the database, and later embedded into backend SNMP operations. The issue is classified under CWE-77 (Command Injection) with a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
An attacker with authenticated access to Cacti, requiring only low privileges, can exploit this vulnerability by injecting malicious SNMP community strings during device configuration. When Cacti performs subsequent SNMP operations, the unsanitized strings are passed to downstream SNMP tooling or wrappers. In environments where these tools interpret newline-separated tokens as command boundaries, the vulnerability enables unintended command execution with the privileges of the Cacti process, potentially leading to high confidentiality, integrity, and availability impacts over the network with low complexity and no user interaction.
The official GitHub Security Advisory (GHSA-c7rr-2h93-7gjf) confirms the vulnerability is fixed in Cacti version 1.2.29 through improved input validation of SNMP community strings. Security practitioners should upgrade to 1.2.29 or later, review SNMP configurations for anomalous community strings, and consider restricting authenticated user permissions on SNMP device management functions as an interim mitigation.
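The two defensive measures the summary recommends, rejecting control characters before a community string is stored and reviewing already-stored values for anomalies, as an added Python example that is not Cacti's own code or the project's fix. The sample device rows are constructed for this example.

```python
from __future__ import annotations
import re

# Constructed sample of SNMP community strings as a Cacti device table might
# hold them (row id -> stored value); these values are made up for this example.
SAMPLE_COMMUNITY_STRINGS: dict[int, str] = {
    1: "public",
    2: "monitoring-ro",
    3: "public\nsecond-token",   # embedded LF: splits into two tokens downstream
    4: "ro\r\ncommunity",        # CRLF
    5: "tab\tseparated",         # horizontal tab
    6: "nul\x00byte",            # NUL
    7: "",                       # empty string is also rejected
}

# ASCII control characters (C0 range plus DEL). Newlines are the case the
# advisory describes, but any control character is unsafe to pass downstream.
_CONTROL = re.compile(r"[\x00-\x1f\x7f]")


def validate_community_string(value: str, max_len: int = 255) -> tuple[bool, str]:
    """Return (ok, reason) for a community string submitted through a
    device-configuration form. Rejects control characters so the stored value
    can never be interpreted as more than one token by SNMP tooling."""
    if not isinstance(value, str):
        return False, "not a string"
    if not value:
        return False, "empty"
    if len(value) > max_len:
        return False, f"longer than {max_len} characters"
    match = _CONTROL.search(value)
    if match:
        return False, f"control character U+{ord(match.group()):04X} at offset {match.start()}"
    return True, "ok"


def find_anomalous(rows: dict[int, str]) -> dict[int, str]:
    """Scan stored community strings and return {row_id: reason} for every
    value that fails validation, so an operator can review those devices."""
    flagged: dict[int, str] = {}
    for row_id, value in rows.items():
        ok, reason = validate_community_string(value)
        if not ok:
            flagged[row_id] = reason
    return flagged


if __name__ == "__main__":
    for row_id, reason in find_anomalous(SAMPLE_COMMUNITY_STRINGS).items():
        # repr() keeps control characters visible in the report output
        print(f"device {row_id}: {SAMPLE_COMMUNITY_STRINGS[row_id]!r} -> {reason}")
```

The same check applied at write time (validation) and at read time (scan) lets an upgrade to 1.2.29 be paired with a review of values stored before the fix.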
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Authenticated low-privilege users can exploit the input-validation flaw in Cacti's SNMP configuration for remote command injection, because newline-separated tokens in stored community strings can be interpreted as command boundaries by downstream SNMP tools; this maps to T1210 (Exploitation of Remote Services) and T1059.004 (Unix Shell).