🚨 Critical Security Vulnerability
🆔 CVE-2025-24977
💣 CVSS Score: 9.1 (Critical)
📅 Published: 2025-05-05
🔹 TL;DR
A critical vulnerability in OpenCTI versions prior to 6.4.11 allows users with the manage customizations capability to execute arbitrary commands on the host system via misuse of webhooks, potentially leading to full infrastructure compromise.
🔸 Affected Versions
- OpenCTI versions before 6.4.11
⚠️ Vulnerability Details
OpenCTI is an open-source cyber threat intelligence platform. In versions prior to 6.4.11, users possessing the manage customizations capability can exploit webhooks to execute commands on the underlying infrastructure. This misuse can grant the attacker a root shell inside a container, exposing internal server-side secrets and potentially compromising the entire infrastructure.
🔧 Recommended Action
- Upgrade to OpenCTI version 6.4.11 or later immediately.
- Review user permissions, especially for the manage customizations capability, and restrict them to trusted individuals.
- Audit webhook configurations to ensure they are not susceptible to misuse.
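A small triage helper for the two checks above (is the deployed version below 6.4.11, and which accounts hold the manage customizations capability). This is added example code, not part of the advisory or of OpenCTI; the user-record shape and the capability label are constructed assumptions, so adapt them to however your deployment exports its user list.

```python
import re

# Fixed version named in the advisory: anything below this is affected.
FIXED_VERSION = (6, 4, 11)

# Assumed label; match whatever string your OpenCTI export uses.
RISKY_CAPABILITY = "manage customizations"


def parse_version(version: str) -> tuple:
    """Turn '6.4.10', 'v6.4.11' or '6.5.0-rc1' into a comparable tuple.

    Only the leading numeric part of each dotted component is used, so a
    pre-release suffix does not break the comparison.
    """
    version = version.strip().lstrip("vV")
    parts = []
    for piece in version.split("."):
        match = re.match(r"\d+", piece)
        parts.append(int(match.group()) if match else 0)
    # Pad to three components so '6.4' compares like '6.4.0'.
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def is_affected(version: str) -> bool:
    """True when the installed OpenCTI version is older than 6.4.11."""
    return parse_version(version) < FIXED_VERSION


def users_with_risky_capability(users: list) -> list:
    """Return the names of accounts holding the manage customizations capability.

    Each record is assumed to look like {"name": str, "capabilities": [str, ...]}.
    Matching is case-insensitive so minor label differences are still caught.
    """
    flagged = []
    for user in users:
        caps = {c.lower() for c in user.get("capabilities", [])}
        if RISKY_CAPABILITY in caps:
            flagged.append(user["name"])
    return flagged


# Constructed sample data for a stand-alone run.
SAMPLE_USERS = [
    {"name": "admin", "capabilities": ["Manage customizations", "Bypass"]},
    {"name": "analyst", "capabilities": ["Knowledge access"]},
    {"name": "integrator", "capabilities": ["manage customizations"]},
]
```

Running `is_affected("6.4.10")` returns True while `is_affected("6.4.11")` returns False; `users_with_risky_capability(SAMPLE_USERS)` returns `["admin", "integrator"]`.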
👤 Affected Environments
- Organizations deploying OpenCTI versions prior to 6.4.11.
- Environments where users have been granted the manage customizations capability without strict oversight.
🛠 References
🧠 TTPs (MITRE Mapping)
- T1059 – Command and Scripting Interpreter
- T1068 – Exploitation for Privilege Escalation
- T1210 – Exploitation of Remote Services