Denial of Service Vulnerability in OpenCTI by OpenCTI Platform
CVE-2025-26621

6.8MEDIUM

Key Information:

Vendor: Opencti-platform
Status: Opencti
Vendor: CVE Published:; 19 May 2025

🔔 Create Opencti-platform Vulnerability Alert

What is CVE-2025-26621?

OpenCTI, an open-source platform for managing cyber threat intelligence, contains a vulnerability that allows users with customization management capabilities to alter webhooks. This alteration can lead to the execution of JavaScript code, resulting in a denial of service by exploiting prototype pollution. Consequently, this makes the Node.js server running the OpenCTI frontend become unavailable. The issue has been rectified in version 6.5.2.

Affected Version(s)

opencti < 6.5.2

References

https://github.com/OpenCTI-Platform/opencti/security/advi...

x_refsource_CONFIRM

https://github.com/OpenCTI-Platform/opencti/security/advi...

x_refsource_MISC

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 19, 2025
Vulnerability Reserved
Feb 12, 2025

CVE-2025-26621 Data

JSON