CNNVD-202512-167 Information
CNNVD ID
CNNVD-202512-167
Related CVE
- CNNVD Published: 2025-12-02
Description (Chinese)
Cacti是Cacti团队的一套开源的网络流量监测和分析工具。该工具通过snmpget来获取数据,使用RRDtool绘画图形进行分析,并提供数据和用户管理功能。 Cacti 1.2.29之前版本存在安全漏洞,该漏洞源于SNMP设备配置中社区字符串输入验证不足,可能导致命令执行。
Description (English)
Cacti is an open-source network traffic monitoring and analysis tool for the Cacti team. The tool captures data through snmpget, uses RRDDtool graphics for analysis and provides data and user management functions. There was a security loophole in the previous version of Cacti 1.2.29, which stemmed from insufficient community string input validation in the SNMP device configuration, which could lead to the execution of the command.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Cacti
Published
2025-12-02
Last Modified
2026-02-24
References
https://github.com/Cacti/cacti/security/advisories/GHSA-c7rr-2h93-7gjf https://access.redhat.com/security/cve/cve-2025-66399 https://vigilance.fr/vulnerability/Cacti-code-execution-via-SNMP-Command-Injection-48939
Patch
https://github.com/Cacti/cacti/releases
Share on: