PT-2025-18314 · Opencti · Opencti
Itlabbet · Published 2025-04-30 · Updated 2025-05-19 · CVE-2025-24887

CVSS v3.1: 6.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions: OpenCTI versions 6.4.8 through 6.4.9

Description: The issue allows a user to bypass allow/deny lists and modify attributes that are intended to be unmodifiable. This includes toggling the external flag on or off, changing a user's own token value, and editing attributes that are not in the allow list, such as otp qr and otp activated. If external users with sensitive identity information exist in the OpenCTI setup, this can be used by a standard low-privileged user to enumerate existing user accounts.

Recommendations: For OpenCTI versions 6.4.8 through 6.4.9, update to version 6.4.10 to resolve the issue. As a temporary workaround, consider restricting access to the external flag and token value modification functionality until the update is applied. Additionally, limit editing capabilities for attributes not in the allow list, such as otp qr and otp activated, to minimize the risk of exploitation.

Tags: Exploit · Fix · LPE · Improper Access Control


Weakness Enumeration

Related Identifiers

CVE-2025-24887
GHSA-8262-PW2Q-5QC3
PYSEC-2025-178

Affected Products

Opencti