OpenCTI’s GraphQL IDOR enables authenticated users to modify or delete...

5.4 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Description

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.6.6, an IDOR vulnerability in the GrapQL `NotificationLineNotificationMarkReadMutation` and `NotificationLineNotificationDeleteMutation` mutations of OpenCTI allows an authenticated user to change the read status of a notification or delete a notification of another user in case he has knowledge of the UUID of the notification. When changing the read status of a notification, the user also receives the content of the notification they changed the read status of. Authenticated Users in OpenCTI can read, modify and delete notification of other users if they know the UUID of the notification. Version 6.6.6 fixes the issue.

Basic Information

ID CVE-2025-46732

Source GitHub_M

Published Jul 18, 2025 at 15:05

Modified Jul 18, 2025 at 15:24

Affected Product

Vendor OpenCTI-Platform

Product opencti

Version < 6.6.6

Affected Versions OpenCTI-Platform opencti < 6.6.6

CWE Classification

CWE-285

References

github.com /OpenCTI-Platform/opencti/security/advisories/GHSA-535g-qp2c-h7vp

{
    "lastseen": "",
    "description": "OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.6.6, an IDOR vulnerability in the GrapQL `NotificationLineNotificationMarkReadMutation` and `NotificationLineNotificationDeleteMutation` mutations of OpenCTI allows an authenticated user to change the read status of a notification or delete a notification of another user in case he has knowledge of the UUID of the notification. When changing the read status of a notification, the user also receives the content of the notification they changed the read status of. Authenticated Users in OpenCTI can read, modify and delete notification of other users if they know the UUID of the notification. Version 6.6.6 fixes the issue.",
    "published": "2025-07-18T15:05:11.435Z",
    "modified": "2025-07-18T15:24:49.537Z",
    "type": "cve",
    "title": "OpenCTI's GraphQL IDOR enables authenticated users to modify or delete notifications of other users",
    "source": "GitHub_M",
    "references": "https://github.com/OpenCTI-Platform/opencti/security/advisories/GHSA-535g-qp2c-h7vp",
    "id": "CVE-2025-46732",
    "bulletinFamily": "",
    "cwe": [
        "CWE-285"
    ],
    "cvelist": null,
    "sourceData": "OpenCTI-Platform opencti < 6.6.6",
    "sourceHref": "",
    "cvss": {
        "score": 5.4,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "opencti",
    "version": "< 6.6.6",
    "vendor": "OpenCTI-Platform",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

OpenCTI’s GraphQL IDOR enables authenticated users to modify or delete notifications of other users_CVE-2025-46732