CVE-2025-24367 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2025-24367 Interim 1 5 2026-03-05T01:12:36Z current 2025-01-29T00:12:21Z 2026-03-05T01:12:36Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2025-24367 Cacti is an open source performance and fault management framework. An authenticated Cacti user can abuse graph creation and graph template functionality to create arbitrary PHP scripts in the web root of the application, leading to remote code execution on the server. This vulnerability is fixed in 1.2.29. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Package Hub 15 SP6 openSUSE Leap 15.6 cacti-1.2.30-bp156.2.6.1 cacti-1.2.30-bp156.2.6.1 as a component of SUSE Package Hub 15 SP6 cacti-1.2.30-bp156.2.6.1 as a component of openSUSE Leap 15.6 Cacti is an open source performance and fault management framework. An authenticated Cacti user can abuse graph creation and graph template functionality to create arbitrary PHP scripts in the web root of the application, leading to remote code execution on the server. This vulnerability is fixed in 1.2.29. CVE-2025-24367 SUSE Package Hub 15 SP6:cacti-1.2.30-bp156.2.6.1 openSUSE Leap 15.6:cacti-1.2.30-bp156.2.6.1 important 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H