CVE-2025-24368: 
Cacti vulnerability analysis and mitigation

Cacti, an open source performance and fault management framework, was found to contain a SQL injection vulnerability (CVE-2025-24368) that was fixed in version 1.2.29. The vulnerability exists in the automationtreerules.php file where data is not thoroughly checked and is used to concatenate SQL statements in the buildruleitemfilter() function from lib/apiautomation.php (GitHub Advisory).

The vulnerability stems from insufficient validation of the 'field' parameter in automationtreerules.php. When the buildmatchingobjectsfilter() function in lib/api.automation.php constructs SQL statements, it uses the buildruleitemfilter() function which concatenates the unchecked field value directly into SQL queries. The issue occurs specifically in the automationtreerulesformsave() function where administrator privileges for Automation can control the field parameter of the automationtreerule_items table (GitHub Advisory).

Attackers can exploit this vulnerability to modify the contents of the Cacti database through SQL-based secondary injection techniques. Based on the modified content, attackers may achieve arbitrary file reading capabilities and potentially remote code execution through arbitrary file writing (GitHub Advisory).

The vulnerability has been patched in Cacti version 1.2.29. Users are advised to upgrade to this version or later to address the security issue. The fix includes additional validation checks for SQL injections in the automation tree rules functionality (Debian LTS).