CVE-2025-26621 — HIGH (7.6)

Q: How severe is CVE-2025-26621?

CVE-2025-26621 has been rated HIGH with a CVSS base score of 7.6/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2025-26621?

Check the references section above for vendor advisories and patch information. Affected products include: Citeum Opencti.

Vulnerability Description

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.5.2, any user with the capability manage customizations can edit webhook that will execute javascript code. This can be abused to cause a denial of service attack by prototype pollution, making the node js server running the OpenCTI frontend become unavailable. Version 6.5.2 fixes the issue.

CVSS Score

7.6

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality

NONE

Integrity

LOW

Availability

HIGH

Affected Products

Vendor	Product	Versions
Citeum	Opencti	< 6.5.2

Related Weaknesses (CWE)

CWE-94 CWE-1321

References

https://github.com/OpenCTI-Platform/opencti/security/advisories/GHSA-gq63-jm3h-3Vendor Advisory
https://github.com/OpenCTI-Platform/opencti/security/advisories/GHSA-mf88-g2wq-pNot Applicable

FAQ

What is CVE-2025-26621?

CVE-2025-26621 is a vulnerability with a CVSS score of 7.6 (HIGH). OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.5.2, any user with the capability manage customizations can edit webhook that wi...

How severe is CVE-2025-26621?

CVE-2025-26621 has been rated HIGH with a CVSS base score of 7.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-26621?

Check the references section above for vendor advisories and patch information. Affected products include: Citeum Opencti.