CVE-2025-24367
Cacti allows Arbitrary File Creation leading to RCECacti is an open source performance and fault management framework. An authenticated Cacti user can abuse graph creation and graph template functionality to create arbitrary PHP scripts in the web root of the application, leading to remote code execution on the server. This vulnerability is fixed in 1.2.29.
We have discovered 58 live websites that are affected by CVE-2025-24367.
Affected Software
| Product | |
| Category | Error and Exception Monitoring |
| Vulnerable Domains | 58 live websites (89% of Cacti install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 11 versions ( 85% of all versions) |
Common Weakness Enumeration
CWE-144 Improper Neutralization of Line DelimitersDetails
- Published - Jan 27, 2025
- Updated - Nov 3, 2025
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2025-24367 United States | 6 websites |
 Indonesia | 16 websites |
 Russia | 4 websites |
 Taiwan | 4 websites |
 Argentina | 3 websites |
 Spain | 2 websites |
 France | 2 websites |
 Lebanon | 2 websites |
 Romania | 2 websites |
 El Salvador | 2 websites |
Website Distribution by TLD
Number of websites using CVE-2025-24367| .net | 16 websites |
| .com | 5 websites |
| .ru | 4 websites |
| .nl | 1 websites |
| .org.uk | 1 websites |
| .pl | 1 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2025-24367
Top websites that are affected by CVE-2025-24367. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ********.net | United States | *,***,*** | |
| *******.*****.net | Indonesia | *,***,*** | |
| *************.******.****.cat | Spain | *,***,*** | |
| *****.*************.net | United States | *,***,*** | |
| *****.*********.ru | Russia | *,***,*** | |
| ********.*********.net | United States | **,***,*** | |
| ***.******.***.br |  Brazil | **,***,*** | |
| **********.*****.net | United States | **,***,*** | |
| ********.****.***.id | Indonesia | **,***,*** | |
| **********.***.ar | Argentina | **,***,*** |
FAQ
CVE-2025-24367 is Improper Neutralization of Line Delimiters in Cacti
A total of 58 websites have been identified as vulnerable to CVE-2025-24367, based on global website indexing conducted by WebTechSurvey.
The Cacti is affected by the CVE-2025-24367 vulnerability.
Cacti versions up to and including 1.2.28 are vulnerable to CVE-2025-24367.