{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-08T15:53:45.872","vulnerabilities":[{"cve":{"id":"CVE-2025-26621","sourceIdentifier":"security-advisories@github.com","published":"2025-05-19T16:15:28.560","lastModified":"2025-08-06T17:54:26.333","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.5.2, any user with the capability manage customizations can edit webhook that will execute javascript code. This can be abused to cause a denial of service attack by prototype pollution, making the node js server running the OpenCTI frontend become unavailable. Version 6.5.2 fixes the issue."},{"lang":"es","value":"OpenCTI es una plataforma de código abierto para gestionar el conocimiento y los observables de inteligencia sobre ciberamenazas. Antes de la versión 6.5.2, cualquier usuario con la capacidad de gestionar personalizaciones podía editar un webhook que ejecutaría código JavaScript. Esto puede utilizarse para provocar un ataque de denegación de servicio mediante la contaminación del prototipo, lo que hace que el servidor Node.js que ejecuta el frontend de OpenCTI deje de estar disponible. La versión 6.5.2 soluciona este problema."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:H","baseScore":7.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":2.3,"impactScore":4.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.3,"impactScore":4.0}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-1321"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:citeum:opencti:*:*:*:*:*:*:*:*","versionEndExcluding":"6.5.2","matchCriteriaId":"C768DE0B-9D53-46C1-A6FF-19AD67C08ACE"}]}]}],"references":[{"url":"https://github.com/OpenCTI-Platform/opencti/security/advisories/GHSA-gq63-jm3h-374p","source":"security-advisories@github.com","tags":["Vendor Advisory"]},{"url":"https://github.com/OpenCTI-Platform/opencti/security/advisories/GHSA-mf88-g2wq-p7qm","source":"security-advisories@github.com","tags":["Not Applicable"]}]}}]}