CVE-2025-24368

Public Exploit

Cacti has a SQL Injection vulnerability when using tree rules through Automation API

Description

Cacti is an open source performance and fault management framework. Some of the data stored in automation_tree_rules.php is not thoroughly checked and is used to concatenate the SQL statement in build_rule_item_filter() function from lib/api_automation.php, resulting in SQL injection. This vulnerability is fixed in 1.2.29.

References

Link	Tags
https://github.com/Cacti/cacti/security/advisories/GHSA-f9c7-7rc3-574c	third party advisory exploit
https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0	patch

Frequently Asked Questions

What is the severity of CVE-2025-24368?: CVE-2025-24368 has been scored as a medium severity vulnerability.
How to fix CVE-2025-24368?: To fix CVE-2025-24368, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2025-24368 being actively exploited in the wild?: It is possible that CVE-2025-24368 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-24368?: CVE-2025-24368 affects Cacti cacti.

This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.

Description

Category

CWE-89 – Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

References

Frequently Asked Questions