CVE-2025-66399
Severity: HIGH
Cacti < 1.2.29 - Authenticated Command Injection via SNMP Community String
Title source: llmDescription
Cacti is an open source performance and fault management framework. Prior to 1.2.29, there is an input-validation flaw in the SNMP device configuration functionality. An authenticated Cacti user can supply crafted SNMP community strings containing control characters (including newlines) that are accepted, stored verbatim in the database, and later embedded into backend SNMP operations. In environments where downstream SNMP tooling or wrappers interpret newline-separated tokens as command boundaries, this can lead to unintended command execution with the privileges of the Cacti process. This vulnerability is fixed in 1.2.29.
References (1)
Core References:
Exploit, Vendor Advisory (x_refsource_confirm): https://github.com/Cacti/cacti/security/advisories/GHSA-c7rr-2h93-7gjf
Scores
CVSS v3: 8.8
EPSS: 0.1076
EPSS Percentile: 95.3%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC (Vulnrichment)
Exploitation: poc
Automatable: yes
Technical Impact: total
Details
CWE: CWE-77
Status: published
Products (1): cacti/cacti < 1.2.29
Published: Dec 02, 2025
Tracked Since: Feb 18, 2026