Open Redirect Risk in OpenCTI Platform's SAML Authentication Endpoint
CVE-2025-61782

5.4MEDIUM

Key Information:

Vendor

Opencti-platform

Status
Opencti
Vendor
CVE Published:
7 January 2026

What is CVE-2025-61782?

The OpenCTI platform has a vulnerability in its SAML authentication callback endpoint, where the RelayState parameter can be manipulated. This leads to an open redirect issue that allows attackers to redirect users to malicious external URLs. Such exploitation can facilitate phishing attacks and compromise user credentials. The vulnerability has been resolved in version 6.8.3, and users are urged to upgrade to this version or later to mitigate risks.

Affected Version(s)

opencti < 6.8.3

References

https://github.com/OpenCTI-Platform/opencti/security/advi...
x_refsource_CONFIRM
https://github.com/OpenCTI-Platform/opencti/commit/f75516...
x_refsource_MISC
https://github.com/OpenCTI-Platform/opencti/releases/tag/...
x_refsource_MISC

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.