Unrated severity · NVD Advisory · Published May 19, 2025 · Updated May 19, 2025
OpenCTI vulnerable to Denial of Service through web hook
CVE-2025-26621
Description
OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.5.2, any user with the "manage customizations" capability can edit a webhook that will execute JavaScript code. This can be abused to cause a denial of service through prototype pollution, making the Node.js server that runs the OpenCTI frontend unavailable. Version 6.5.2 fixes the issue.
Affected products
- Range: < 6.5.2
Patches
No patches discovered yet.
References
- github.com/OpenCTI-Platform/opencti/security/advisories/GHSA-gq63-jm3h-374p (MITRE, x_refsource_CONFIRM)
- github.com/OpenCTI-Platform/opencti/security/advisories/GHSA-mf88-g2wq-p7qm (MITRE, x_refsource_MISC)