PT-2026-1316 · Opencti · Opencti
Published 2026-01-05 · Updated 2026-01-30
CVE-2025-61781
CVSS v3.1: 9.1 (Critical)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
OpenCTI versions prior to 6.8.1
Description
OpenCTI is a platform for managing cyber threat intelligence knowledge and observables. The GraphQL mutation WorkspacePopoverDeletionMutation lacks proper authorization checks, allowing users to delete workspace-related objects, such as dashboards and investigation cases, without verifying ownership. An attacker can exploit this by providing an active UUID belonging to another user. Because the API does not validate resource ownership, the mutation executes successfully, leading to unauthorized deletion of workspace data.
Recommendations
Update to version 6.8.1 or later to resolve this issue.
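As an added illustration (not OpenCTI's code), the resolvers below contrast a GraphQL-style delete mutation that, like the flaw described above, only checks that the supplied id exists with one that also verifies the caller owns the object or holds an admin role; the in-memory store, user shape, UUIDs and function names are constructed for the example.

```javascript
// Constructed sample data: two workspaces owned by different users.
const workspaces = new Map([
  ["11111111-1111-4111-8111-111111111111", { name: "Alice dashboard", ownerId: "alice" }],
  ["22222222-2222-4222-8222-222222222222", { name: "Bob investigation", ownerId: "bob" }],
]);

// Vulnerable shape: the resolver confirms the object exists, then deletes it.
// Any authenticated caller who knows (or guesses) a valid UUID can delete it.
const resolversVulnerable = {
  Mutation: {
    workspaceDelete(_parent, { id }, { store }) {
      if (!store.has(id)) throw new Error("NOT_FOUND");
      store.delete(id);
      return { deleted: id };
    },
  },
};

// Hardened shape: load the object and enforce object-level authorization
// (owner or admin) before performing the mutation.
const resolversHardened = {
  Mutation: {
    workspaceDelete(_parent, { id }, { user, store }) {
      const ws = store.get(id);
      if (!ws) throw new Error("NOT_FOUND");
      const isOwner = ws.ownerId === user.id;
      const isAdmin = user.roles.includes("admin");
      if (!isOwner && !isAdmin) {
        // A cross-owner deletion attempt is a useful detection signal; log it.
        console.warn(`AUTHZ_DENIED user=${user.id} action=workspaceDelete id=${id}`);
        throw new Error("FORBIDDEN");
      }
      store.delete(id);
      return { deleted: id };
    },
  },
};
```

Whether a denied request should answer FORBIDDEN or the same NOT_FOUND as a missing id is a separate design choice (the latter avoids confirming that an id exists); the ownership check itself is the fix.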
Improper Authorization
Incorrect Authorization
Related Identifiers
Affected Products
Opencti