CVE-2025-45160
📋 TL;DR
An HTML injection vulnerability in Cacti's file upload functionality allows attackers to inject arbitrary HTML elements into error popups when uploading files with invalid formats. This affects Cacti versions up to 1.2.29, though the maintainer states they cannot reproduce it after version 1.2.27.
💻 Affected Systems
- Cacti
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could inject malicious scripts to perform cross-site scripting (XSS) attacks, potentially stealing session cookies or performing actions as authenticated users.
Likely Case
HTML injection leading to defacement of error messages or limited XSS attacks requiring user interaction with the malicious error popup.
If Mitigated
Limited to HTML injection without script execution if proper content security policies are in place.
🎯 Exploit Status
Exploitation requires file upload access, typically requiring authentication. HTML injection is straightforward once access is obtained.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.2.30 or later
Vendor Advisory: https://github.com/Cacti/cacti
Restart Required: No
Instructions:
1. Backup your Cacti installation and database
2. Download the latest version from GitHub
3. Replace the existing files with the new version
4. Run the database upgrade if prompted
🔧 Temporary Workarounds
Input Validation Filter
Implement server-side validation that sanitizes filename inputs before they are displayed in error messages
Modify Cacti source code to apply htmlspecialchars() or similar sanitization to filename variables in error handling
Content Security Policy
Implement strict CSP headers to prevent script execution from injected HTML
Add Content-Security-Policy header to web server configuration
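The two workarounds above, shown side by side as an added example (this is not Cacti's own code; the function names, the error-message wording and the sample filename are assumptions). The first function reproduces the vulnerable pattern of concatenating a raw filename into the popup markup; the second applies htmlspecialchars() at the output boundary; the third shows an optional input-side normalisation, and the last returns a CSP value that can be sent with header() before any output.

```php
<?php
// Added example, not Cacti code: rendering an upload error for a user-supplied
// filename, first unsafely and then with proper output encoding. Requires PHP 8.

// Vulnerable pattern: the raw filename is concatenated into the HTML that the
// error popup displays, so any tags inside it are rendered by the browser.
function render_upload_error_vulnerable(string $filename): string
{
    return '<div class="error">File "' . $filename . '" has an invalid format.</div>';
}

// Hardened pattern: encode the filename for an HTML context right where it is
// placed into the markup. ENT_QUOTES escapes both quote styles, ENT_SUBSTITUTE
// replaces invalid byte sequences instead of returning an empty string, and the
// charset is stated explicitly so the encoding matches what the page declares.
function render_upload_error_safe(string $filename): string
{
    $safe = htmlspecialchars($filename, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<div class="error">File "' . $safe . '" has an invalid format.</div>';
}

// Optional defence in depth at the input boundary: keep only the base name and
// a conservative character set. This is not a substitute for the output
// encoding above, because the filename may still reach other HTML contexts.
function normalise_filename(string $filename): string
{
    $base  = basename($filename);
    $clean = (string) preg_replace('/[^A-Za-z0-9._-]/', '_', $base);
    return $clean === '' ? 'upload' : $clean;
}

// Assumed CSP value for the second workaround: scripts only from the site's own
// origin and no inline script, so injected markup cannot execute even if a
// sink is missed. Send it with header() before any output is emitted.
function csp_header_value(): string
{
    return "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'self'";
}

// Constructed sample input: a filename carrying the tag from the page's
// verification step.
$filename = '<h1>test</h1>.txt';

header('Content-Security-Policy: ' . csp_header_value());

echo render_upload_error_vulnerable($filename), PHP_EOL;
echo render_upload_error_safe($filename), PHP_EOL;
echo normalise_filename('../' . $filename), PHP_EOL;
```

Run it with `php example.php` (the header() call is a no-op on the CLI): the vulnerable line keeps the literal `<h1>` element, while the hardened line contains `&lt;h1&gt;` and renders as plain text, which is exactly the difference the verification step below looks for.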
🧯 If You Can't Patch
- Restrict file upload permissions to trusted users only
- Implement web application firewall rules to block HTML injection patterns
🔍 How to Verify
Check if Vulnerable:
Test by uploading a file whose filename contains HTML tags, such as <h1>test</h1>, and check whether the tags are rendered in the error message
Check Version:
grep 'version' /path/to/cacti/include/global.php | grep -o '[0-9]\+\.[0-9]\+\.[0-9]\+'
Verify Fix Applied:
After patching, repeat the test: the HTML tags should appear as plain text rather than being rendered
📡 Detection & Monitoring
Log Indicators:
- File upload attempts with filenames containing HTML tags
- Error messages containing unusual HTML content
Network Indicators:
- HTTP POST requests to upload endpoints with suspicious filename parameters
SIEM Query:
source="cacti.log" AND "upload" AND ("<" OR ">" OR "script" OR "svg")
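The SIEM query above applied offline to log lines, as an added example (not Cacti's own code or log format; the line layout, field names and sample entries are constructed). It reports every upload line whose filename carries an HTML tag, a stray angle bracket, or one of the query's keyword terms, and keeps the reasons separate so that keyword-only hits can be triaged as probable noise.

```php
<?php
// Added example, not Cacti code: filter upload log lines for filenames that
// contain HTML tags or the page's keyword indicators. Requires PHP 8.

// Constructed sample lines; the field layout is an assumption, not Cacti's
// real log format, so adapt the regexes to your deployment.
const SAMPLE_LOG = <<<'LOG'
2025-05-01 12:00:01 - WEBUI user=admin action=upload filename="report.csv" result=ok
2025-05-01 12:00:09 - WEBUI user=guest action=upload filename="<h1>test</h1>.txt" result=invalid_format
2025-05-01 12:01:13 - WEBUI user=guest action=upload filename="<svg>.csv" result=invalid_format
2025-05-01 12:02:40 - WEBUI user=admin action=upload filename="javascript_notes.txt" result=ok
2025-05-01 12:03:02 - WEBUI user=admin action=login result=ok
LOG;

// Returns one finding per suspicious upload line: the user, the raw filename
// and the indicators that fired. Non-upload lines and lines without a
// filename field are ignored.
function find_suspicious_uploads(string $log): array
{
    $findings = [];
    foreach (preg_split('/\R/', trim($log)) as $line) {
        if (!str_contains($line, 'action=upload')) {
            continue;
        }
        if (!preg_match('/filename="([^"]*)"/', $line, $m)) {
            continue;
        }
        $filename = $m[1];
        $reasons  = [];

        if (preg_match('/<[^>]*>/', $filename)) {
            $reasons[] = 'html_tag';        // a complete <...> element: strong signal
        } elseif (preg_match('/[<>]/', $filename)) {
            $reasons[] = 'angle_bracket';   // lone < or >: still worth a look
        }
        foreach (['script', 'svg'] as $kw) {
            if (stripos($filename, $kw) !== false) {
                $reasons[] = 'keyword:' . $kw;  // substring match, as in the SIEM query
            }
        }
        if ($reasons === []) {
            continue;
        }
        preg_match('/user=(\S+)/', $line, $u);
        $findings[] = [
            'user'     => $u[1] ?? 'unknown',
            'filename' => $filename,
            'reasons'  => $reasons,
        ];
    }
    return $findings;
}

foreach (find_suspicious_uploads(SAMPLE_LOG) as $f) {
    printf("%-8s %-24s %s\n", $f['user'], $f['filename'], implode(',', $f['reasons']));
}
```

Three of the four upload lines are reported. The `javascript_notes.txt` entry surfaces only through the `keyword:script` substring, the same way the raw SIEM query would flag it; treating tag matches as the alerting condition and keyword-only matches as a triage queue keeps the rule usable on a busy upload endpoint.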