HTTP: Cacti Group Cacti RRDTool CRLF Injection
This signature detects attempts to exploit a known vulnerability against Cacti. A successful attack can lead to arbitrary code execution.
Extended Description
Cacti is an open source performance and fault management framework. An authenticated Cacti user can abuse graph creation and graph template functionality to create arbitrary PHP scripts in the web root of the application, leading to remote code execution on the server. This vulnerability is fixed in 1.2.29.
Affected Products
Cacti cacti
References
CVE: CVE-2025-24367
URL: https://github.com/Cacti/cacti/security/advisories/GHSA-fxrq-fr7h-9rqq
Short Name
HTTP:CTS:CACTI-GRP-CRLF-INJ
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CRLF CVE-2025-24367 Cacti Group Injection RRDTool
Release Date
02/17/2025
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3801
False Positive
Unknown
Vendors
Cacti