{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-15T15:11:34.556","vulnerabilities":[{"cve":{"id":"CVE-2025-24977","sourceIdentifier":"security-advisories@github.com","published":"2025-05-05T17:18:47.397","lastModified":"2025-05-22T15:52:33.763","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"OpenCTI is an open cyber threat intelligence (CTI) platform. Prior to version 6.4.11 any user with the capability `manage customizations` can execute commands on the underlying infrastructure where OpenCTI is hosted and can access internal server side secrets by misusing the web-hooks. Since the malicious user gets a root shell inside a container this opens up the infrastructure environment for further attacks and exposures. Version 6.4.11 fixes the issue."},{"lang":"es","value":"OpenCTI es una plataforma abierta de inteligencia de ciberamenazas (CTI). Antes de la versión 6.4.11, cualquier usuario con la capacidad de \"gestionar personalizaciones\" podía ejecutar comandos en la infraestructura subyacente donde se alojaba OpenCTI y acceder a secretos internos del servidor mediante el uso indebido de webhooks. Dado que el usuario malicioso obtiene un shell root dentro de un contenedor, esto expone la infraestructura a nuevos ataques y exposiciones. \nLa versión 6.4.11 soluciona este problema."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.3,"impactScore":6.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.3,"impactScore":6.0}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:citeum:opencti:*:*:*:*:*:*:*:*","versionStartIncluding":"6.4.8","versionEndExcluding":"6.4.11","matchCriteriaId":"BDE087C8-44BE-4EFF-A831-9B06999CD8F2"}]}]}],"references":[{"url":"https://github.com/OpenCTI-Platform/opencti/security/advisories/GHSA-mf88-g2wq-p7qm","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}}]}