CVE-2025-26621

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.5.2, any user with the capability manage customizations can edit webhook that will execute javascript code. This can be abused to cause a denial of service attack by prototype pollution, making the node js server running the OpenCTI frontend become unavailable. Version 6.5.2 fixes the issue.

CVSS v3 7.6 HIGH

7.6^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.3 / Impact : 4.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://github.com/OpenCTI-Platform/opencti/security/advisories/GHSA-gq63-jm3h-374p	Vendor Advisory
https://github.com/OpenCTI-Platform/opencti/security/advisories/GHSA-mf88-g2wq-p7qm	Not Applicable

Configurations

Configuration 1 (hide)

cpe:2.3:a:citeum:opencti:*:*:*:*:*:*:*:*

History

06 Aug 2025, 17:54

Type	Values Removed	Values Added
First Time		Citeum Citeum opencti
CWE		CWE-1321
CPE		cpe:2.3:a:citeum:opencti::::::::
References	~~() https://github.com/OpenCTI-Platform/opencti/security/advisories/GHSA-gq63-jm3h-374p -~~	() https://github.com/OpenCTI-Platform/opencti/security/advisories/GHSA-gq63-jm3h-374p - Vendor Advisory
References	~~() https://github.com/OpenCTI-Platform/opencti/security/advisories/GHSA-mf88-g2wq-p7qm -~~	() https://github.com/OpenCTI-Platform/opencti/security/advisories/GHSA-mf88-g2wq-p7qm - Not Applicable

21 May 2025, 20:25

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-19 16:15

Updated : 2025-08-06 17:54

NVD link : CVE-2025-26621

Mitre link : CVE-2025-26621

CVE.ORG link : CVE-2025-26621

JSON object : View

Products Affected

citeum

opencti

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

CWE-1321

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

{"id": "CVE-2025-26621", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 4.7, "exploitabilityScore": 2.3}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 4.0, "exploitabilityScore": 2.3}]}, "published": "2025-05-19T16:15:28.560", "references": [{"url": "https://github.com/OpenCTI-Platform/opencti/security/advisories/GHSA-gq63-jm3h-374p", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/OpenCTI-Platform/opencti/security/advisories/GHSA-mf88-g2wq-p7qm", "tags": ["Not Applicable"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-94"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-1321"}]}], "descriptions": [{"lang": "en", "value": "OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.5.2, any user with the capability manage customizations can edit webhook that will execute javascript code. This can be abused to cause a denial of service attack by prototype pollution, making the node js server running the OpenCTI frontend become unavailable. Version 6.5.2 fixes the issue."}, {"lang": "es", "value": "OpenCTI es una plataforma de c\u00f3digo abierto para gestionar el conocimiento y los observables de inteligencia sobre ciberamenazas. Antes de la versi\u00f3n 6.5.2, cualquier usuario con la capacidad de gestionar personalizaciones pod\u00eda editar un webhook que ejecutar\u00eda c\u00f3digo JavaScript. Esto puede utilizarse para provocar un ataque de denegaci\u00f3n de servicio mediante la contaminaci\u00f3n del prototipo, lo que hace que el servidor Node.js que ejecuta el frontend de OpenCTI deje de estar disponible. La versi\u00f3n 6.5.2 soluciona este problema."}], "lastModified": "2025-08-06T17:54:26.333", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:citeum:opencti:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C768DE0B-9D53-46C1-A6FF-19AD67C08ACE", "versionEndExcluding": "6.5.2"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}