Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

Cacti Remote Command Execution Vulnerability in graph_view.php

Vulnerability

A remote command execution vulnerability has been identified in Cacti versions prior to 0.8.6-d. The issue resides in the graph_view.php script, where authenticated users can inject arbitrary shell commands through the graph_start GET parameter. This injection is exploited during the graph rendering process, allowing commands to be executed on the underlying operating system with the privileges of the web server process.

Impact

Exploitation of this vulnerability allows for arbitrary command execution on the server, with the same privileges as the web server process.

Reproduction

To reproduce this vulnerability, an authenticated user must send a request to the graph_view.php script with the graph_start parameter containing the injected command. The vulnerability can be exploited by first obtaining a valid local_graph_id, which is required to trigger the command execution.
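A detection check to go with the description above, added here as an example and not part of this advisory or of Cacti: it scans web-server access log lines for graph_view.php requests whose graph_start value is not a plain integer timestamp (an assumption about the parameter's legitimate form), since anything else in that parameter is the injection vector the advisory describes. The log lines are constructed.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Common log format: ip ident user [time] "METHOD URI PROTO" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<uri>\S+) [^"]*" (?P<status>\d+)'
)
# Assumption: a legitimate graph_start is an (optionally negative) integer timestamp.
INT_RE = re.compile(r'^-?\d+$')
SHELL_META = set(';|&`$(){}<>\n')

def query_params(query):
    """Split on '&' only and percent-decode each field, so an encoded ';'
    inside a value is decoded into the value instead of ending the pair."""
    params = {}
    for pair in query.split('&'):
        if pair:
            name, _, value = pair.partition('=')
            params.setdefault(unquote_plus(name), []).append(unquote_plus(value))
    return params

def check_line(line):
    """Return a finding for a graph_view.php request whose graph_start is not
    an integer; None for benign requests, other scripts, or unparsable lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group('uri'))
    if not parts.path.endswith('/graph_view.php'):
        return None
    for value in query_params(parts.query).get('graph_start', []):
        if INT_RE.match(value):
            continue
        reason = 'shell metacharacter' if SHELL_META & set(value) else 'non-integer value'
        return {'ip': m.group('ip'), 'time': m.group('time'),
                'graph_start': value, 'reason': reason}
    return None

def scan(lines):
    return [f for f in (check_line(l) for l in lines) if f]

# Constructed sample log lines, not real traffic.
SAMPLE_LOG = [
    '10.0.0.5 - admin [30/Aug/2025:14:27:01 +0000] "GET /cacti/graph_view.php?action=tree&local_graph_id=12&graph_start=1756500000&graph_end=1756586400 HTTP/1.1" 200 5120',
    '10.0.0.9 - admin [30/Aug/2025:14:27:05 +0000] "GET /cacti/graph_view.php?action=preview&local_graph_id=12&graph_start=1756500000%3Bfoo HTTP/1.1" 200 311',
    '10.0.0.9 - admin [30/Aug/2025:14:27:09 +0000] "GET /cacti/graph_view.php?action=preview&local_graph_id=12&graph_start=abc HTTP/1.1" 200 298',
    '10.0.0.7 - - [30/Aug/2025:14:27:12 +0000] "GET /cacti/index.php?graph_start=x%3By HTTP/1.1" 200 1400',
]

if __name__ == '__main__':
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Because legitimate values are numeric, the check has a low false-positive rate; a hit is worth correlating with the authenticated user and the local_graph_id in the same request.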

Added: Aug 30, 2025, 2:27 PM
Updated: Aug 30, 2025, 2:27 PM

Vulnerability Rating

Custom Algorithm

spread          5.0
impact          10.0
exploitability  6.9
remediation     0.0
relevance       0.4
threat          9.2
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.