CVE-2025-24368: 
Cacti vulnerability analysis and mitigation

Cacti, an open source performance and fault management framework, was found to contain a SQL injection vulnerability (CVE-2025-24368) that was fixed in version 1.2.29. The vulnerability exists in the automation_tree_rules.php file where data is not thoroughly checked and is used to concatenate SQL statements in the build_rule_item_filter() function from lib/api_automation.php (GitHub Advisory).

The vulnerability stems from insufficient validation of the 'field' parameter in automation_tree_rules.php. When the build_matching_objects_filter() function in lib/api.automation.php constructs SQL statements, it uses the build_rule_item_filter() function which concatenates the unchecked field value directly into SQL queries. The issue occurs specifically in the automation_tree_rules_form_save() function where administrator privileges for Automation can control the field parameter of the automation_tree_rule_items table (GitHub Advisory).

Attackers can exploit this vulnerability to modify the contents of the Cacti database through SQL-based secondary injection techniques. Based on the modified content, attackers may achieve arbitrary file reading capabilities and potentially remote code execution through arbitrary file writing (GitHub Advisory).

The vulnerability has been patched in Cacti version 1.2.29. Users are advised to upgrade to this version or later to address the security issue. The fix includes additional validation checks for SQL injections in the automation tree rules functionality (Debian LTS).