PT-2025-19737 · Opencti · Opencti

Itlabbet · Published 2025-05-05 · Updated 2025-05-14 · CVE-2025-24977

CVSS v3.1: 9.1 Critical
Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: OpenCTI versions prior to 6.4.11

Description: OpenCTI is an open cyber threat intelligence (CTI) platform. Prior to version 6.4.11, any user with the "manage customizations" capability can execute commands on the underlying infrastructure where OpenCTI is hosted and can access internal server-side secrets by misusing webhooks. Because the malicious user obtains a root shell inside a container, this exposes the surrounding infrastructure to further attacks. Over 3,200 services are potentially affected.

Recommendations: Update to version 6.4.11 to fix the issue. Check webhook settings and restrict access to only trusted sources. Analyze event logs for suspicious activity. As a temporary workaround, consider restricting access to the "manage customizations" capability until the update is applied.

Tags: Exploit · Fix · RCE · Code Injection

Weakness Enumeration

Related Identifiers

BDU:2026-00242
CVE-2025-24977
GHSA-MF88-G2WQ-P7QM
PYSEC-2025-179

Affected Products

Opencti