Vulnerability Details
Basic Information
| Title | CVE-2025-24977 OpenCTI has remote code execution and sensitive secrets exposed through web hook |
|---|---|
| Type | vulnrichment |
| Published | 2025-05-05T17:07:35 |
| Last Seen | 2025-05-05T18:14:11 |
| CVSS Score | 9.1 (CRITICAL) |
CVSS v3 Details
| Attack Vector | NETWORK |
|---|---|
| Attack Complexity | LOW |
| Privileges Required | HIGH |
| User Interaction | NONE |
| Scope | CHANGED |
| Confidentiality Impact | HIGH |
| Integrity Impact | HIGH |
| Availability Impact | HIGH |
CVE Information
| CVE IDs | CVE-2025-24977 |
|---|---|
| CWE | CWE-94 |
| Bulletin Family | cve |
Description
OpenCTI is an open cyber threat intelligence (CTI) platform. Prior to version 6.4.11 any user with the capability `manage customizations` can execute commands on the underlying infrastructure where OpenCTI is hosted and can access internal server side secrets by misusing the web-hooks. Since the malicious user gets a root shell inside a container this opens up the the infrastructure environment for further attacks and exposures. Version 6.4.11 fixes the issue.
Impact Assessment
| Base Score | 9.1 |
|---|---|
| Severity | CRITICAL |