CVE•Published 2025-01-27•1 article on news•7 live references•NVD data
CVE-2025-24367
Vulnerability data via CVEDB (Shodan)
CVSS v3.1
8.7
HIGH
EPSS percentile
99
Exploit Prediction Scoring System · top 1% of all CVEs
Description
Cacti is an open source performance and fault management framework. An authenticated Cacti user can abuse graph creation and graph template functionality to create arbitrary PHP scripts in the web root of the application, leading to remote code execution on the server. This vulnerability is fixed in 1.2.29.
Timeline
Published 2025-01-27
External references
Search for exposed instances
Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).
Shodan · vuln tag0 hosts
vuln:CVE-2025-24367Hosts Shodan has explicitly fingerprinted as vulnerable.
Shodan · product
product:"Cacti Cacti"All exposed Cacti Cacti instances — cross-reference with the CVE's affected-version range.
Shodan · banner/body mention
http.html:"Cacti"HTTP body or banner mentions "Cacti" — catches deploys Shodan didn't identify as a product.
More intel sources (5)
Shodan report
vuln:CVE-2025-24367Country / ASN / product breakdown for the vuln query.
Censys
vulnerabilities.cve_id: CVE-2025-24367Censys host search filtered to this CVE id.
grep.app
CVE-2025-24367Public source-code mentions — fast PoC discovery.
GitHub code
CVE-2025-24367GitHub code search for direct mentions.
Google dork
"CVE-2025-24367" exploit -site:nvd.nist.govWrite-ups and news, NVD excluded.
Known PoCs on GitHub (8)
CVE-2025-243678 repos
Threekiii/Awesome-POCJava
一个漏洞 PoC 知识库。A knowledge base for vulnerability PoCs(Proof of Concept), with 1k+ vulnerabilities.
Threekiii/CVEunknown
一个 CVE 漏洞预警知识库,无 exp/poc,部分包含修复方案。A knowledge base of CVE security vulnerability, no PoCs/exploits.
TheCyberGeek/CVE-2025-24367-Cacti-PoCPython
Proof of Concept for CVE-2025-24367
J1ezds/Vulnerability-Wiki-pageHTML
这是一个每天同步Vulnerability-Wiki中docs-base中内容的项目
Solrikk/HTB-MonitorsFour-Writeupunknown
Detailed writeup for HackTheBox MonitorsFour machine: IDOR to credentials, Cacti 1.2.28 RCE exploitation, and Docker Desktop container escape to root
sonnycroco/HackTheBox-MonitorsFour-Walkthroughunknown
MonitorsFour is a Windows box where a PHP type-juggling flaw leaks password hashes, leading to admin access. A vulnerable Cacti instance then provides code execution inside a Docke…
ShoshinMaster/CVE-2025-24367Python
matesz44/CVE-2025-24367Shell
CVE-2025-24367: Cacti AuthN Graph Template RCE in posix sh