PT-2025-22013 · Opencti
Itlabbet · Published 2025-05-19 · Updated 2025-08-06
CVE-2025-26621
CVSS v3.1: 7.6 (High)
Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:H
Name of the Vulnerable Software and Affected Versions:
OpenCTI versions prior to 6.5.2
Description:
The issue affects an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.5.2, any user with the capability to manage customizations can edit a webhook in a way that executes JavaScript code. This can be abused to mount a denial-of-service attack via prototype pollution, making the Node.js server that runs the OpenCTI frontend unavailable.
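The description above turns on prototype pollution in Node.js: once attacker-controlled input writes into `Object.prototype`, every object in the process inherits the planted properties, and a single polluted key can break unrelated code paths and take the service down. The following is an added illustration, not OpenCTI's code and not the webhook code path from the advisory: a generic recursive merge (the classic pollution sink) run over a constructed JSON payload, beside a hardened merge that refuses the dangerous keys, plus a cheap runtime check a defender can use to detect that the global prototype has already been tampered with. All function names and the payload are assumptions made for this example.

```javascript
// Added example (not from OpenCTI). Demonstrates how a naive deep merge lets
// JSON input pollute Object.prototype, and a hardened merge that fails closed.

// Naive recursive merge: walks into target[key] without checking that the key
// is an own, ordinary property. For key "__proto__" on a plain object,
// target[key] resolves to Object.prototype, so the recursion writes into it.
function unsafeMerge(target, source) {
  for (const key of Object.keys(source)) {
    const value = source[key];
    if (value !== null && typeof value === 'object' && !Array.isArray(value)) {
      if (target[key] === null || typeof target[key] !== 'object') target[key] = {};
      unsafeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Keys that, when merged into an ordinary object, reach shared prototypes.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Hardened merge: rejects the dangerous keys outright (loud failure is easier
// to alert on than silent skipping), only descends into own properties of the
// target, and builds new containers with a null prototype.
function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (FORBIDDEN_KEYS.has(key)) {
      throw new TypeError(`refusing to merge key "${key}" (prototype pollution attempt)`);
    }
    const value = source[key];
    if (value !== null && typeof value === 'object' && !Array.isArray(value)) {
      const own = Object.prototype.hasOwnProperty.call(target, key);
      if (!own || target[key] === null || typeof target[key] !== 'object') {
        target[key] = Object.create(null);
      }
      safeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Runtime detection: Object.prototype's built-in members are non-enumerable,
// so any enumerable own key on it is a sign that something has polluted it.
function prototypeLooksPolluted() {
  return Object.keys(Object.prototype).length > 0;
}

// Walk-through on a constructed payload; returns observations for checking.
function demonstrate() {
  // Constructed sample input: JSON.parse creates an OWN property named
  // "__proto__" here, which is exactly what a merge sink must not follow.
  const payload = JSON.parse('{"__proto__": {"polluted": "yes"}}');

  unsafeMerge({}, payload);
  const leaked = ({}).polluted;                 // "yes": every object inherits it
  const detectedAfterUnsafe = prototypeLooksPolluted(); // true

  delete Object.prototype.polluted;             // undo the pollution for the rest
  const detectedAfterCleanup = prototypeLooksPolluted(); // false

  let rejected = null;
  try {
    safeMerge({}, payload);
  } catch (e) {
    rejected = e.message;                       // the hardened merge refuses
  }
  const leakedAfterSafe = ({}).polluted;        // undefined

  return { leaked, detectedAfterUnsafe, detectedAfterCleanup, rejected, leakedAfterSafe };
}

module.exports = { unsafeMerge, safeMerge, prototypeLooksPolluted, demonstrate };
```

Two points worth noting for defenders. First, the vulnerable and hardened merges differ only in their treatment of three keys and in how they pick the container to descend into, which is why this bug class is so easy to reintroduce in any "apply user-supplied config" code such as webhook templates. Second, `prototypeLooksPolluted()` is a cheap post-hoc signal; a stronger preventive control in a Node.js service is to call `Object.freeze(Object.prototype)` at startup, after which writes like the one above fail instead of succeeding. Restricting who can edit such customizations, as the recommendation below says, limits who can reach the sink at all.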
Recommendations:
For versions prior to 6.5.2, update to version 6.5.2 to resolve the issue. As a temporary workaround, consider restricting the capability to manage customizations to prevent unauthorized users from editing webhooks.
Exploit · Fix · DoS · Prototype Pollution · Code Injection
Related Identifiers
Affected Products: Node.Js · Opencti