CVE-2025-24367 — AI Deep Analysis Summary

🚨 **Essence**: Cacti allows authenticated users to abuse graph creation/templates. <br>💥 **Consequence**: Arbitrary PHP scripts are created in the Web root, leading to **Remote Code Execution (RCE)**.

🛡️ **CWE-144**: Improper Neutralization of CRLF Sequences in HTTP Headers. <br>🔍 **Flaw**: Backend parameter injection via Graph Template features allows writing malicious files.

🏢 **Vendor**: Cacti Team. <br>📦 **Product**: Cacti (Open-source network traffic monitoring tool). <br>⚠️ **Scope**: All versions vulnerable until patched.

👑 **Privileges**: Full System Control. <br>📂 **Data**: Hackers execute arbitrary code on the server hosting the Cacti web root. <br>🔓 **Access**: Can read/write any file accessible by the web server user.

🔑 **Threshold**: **Medium**. <br>👤 **Auth Required**: Yes, needs an **authenticated user account**. <br>⚙️ **Config**: Must have permission to create graphs/templates.

🔓 **Exploit**: **Yes**, Public PoCs available. <br>📂 **Sources**: GitHub repos (Threekiii, Vulhub, TheCyberGeek, r0tn3x, SoftAndoWetto). <br>⚠️ **Status**: Active research/exploitation code exists.

🔍 **Check**: Scan for Cacti instances. <br>🧪 **Test**: Verify if authenticated users can create custom graph templates. <br>📡 **Monitor**: Look for unusual PHP files in the Cacti web root directory.

🛠️ **Fix**: **Yes**, Official Patch Available. <br>📅 **Date**: Published 2025-01-27. <br>🔗 **Ref**: GitHub Advisory GHSA-fxrq-fr7h-9rqq & Commit c7e4ee7.

🚧 **Workaround**: <br>1. Restrict access to Graph Template creation. <br>2. Limit user privileges. <br>3. Monitor web root for unauthorized .php files. <br>4. Isolate Cacti server if possible.

🔥 **Priority**: **CRITICAL**. <br>⚡ **Urgency**: High. <br>📉 **Risk**: RCE with Auth. <br>✅ **Action**: Patch immediately or apply strict access controls.