CVE-2025-24977

Published May 5, 2025

Last updated a month ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-24977 is a vulnerability found in OpenCTI, a cyber threat intelligence platform, up to version 6.4.10. It stems from a code injection flaw within the web-hook feature, where users with 'manage customizations' privileges can misuse web-hooks. This allows them to execute commands on the underlying infrastructure and gain access to internal server-side secrets. The vulnerability effectively grants a malicious user a root shell inside a container, potentially exposing the entire infrastructure to further attacks. A common setup of OpenCTI involves hosting it in containers, where sensitive secrets are passed via environment variables, making it easier to exploit. OpenCTI version 6.4.11 addresses this vulnerability.

Description
OpenCTI is an open cyber threat intelligence (CTI) platform. Prior to version 6.4.11, any user with the capability `manage customizations` can execute commands on the underlying infrastructure where OpenCTI is hosted and can access internal server-side secrets by misusing the web-hooks. Since the malicious user gets a root shell inside a container, this opens up the infrastructure environment for further attacks and exposures. Version 6.4.11 fixes the issue.
Source
security-advisories@github.com
NVD status
Analyzed

Risk scores

CVSS 3.1

Type
Primary
Base score
9.1
Impact score
6
Exploitability score
2.3
Vector string
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

security-advisories@github.com
CWE-94

Social media

Hype score
Not currently trending
  1. Critical vulnerability in OpenCTI (CVE-2025-24977) A critical vulnerability has been discovered in the popular cyber intelligence and information technology (CTI) platform OpenCTI, which allows attackers to take control of the infrastructure by abusing the

    @HackingTeam777

    23 May 2025

    2699 Impressions

    25 Retweets

    105 Likes

    31 Bookmarks

    1 Reply

    0 Quotes

  2. ⚡️The vulnerability details are now available: https://t.co/t2IYwwUA5a 🚨🚨CVE-2025-24977 (CVSS 9.1) exposes OpenCTI to devastating RCE attacks! Any user with "manage customizations" can hijack webhooks to run root-level commands, steal server secrets, and unleash chaos

    @zoomeye_team

    9 May 2025

    20 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. 🚨 CVE-2025-24977 (CVSS 9.1) hits OpenCTI! Critical Webhook flaw enables remote command execution, risking infrastructure takeover. Update to version 6.4.11 now! 🔒 https://t.co/N7jPLVRKgX #CyberSec #OpenCTI

    @_F2po_

    8 May 2025

    18 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. Warning: Critical Code Injection in #OpenCTI. #CVE-2025-24977 CVSS: 9.1. It can lead to arbitrary command execution and lateral movement. See advisory: https://t.co/ZMvyYmRICI #Patch #Patch #Patch

    @CCBalert

    7 May 2025

    265 Impressions

    1 Retweet

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  5. 🚨 CVE-2025-24977 ⚠️🔴 CRITICAL (9.1) 🏢 OpenCTI-Platform - opencti 🏗️ < 6.4.11 🔗 https://t.co/NRh6lukT3R #CyberCron #VulnAlert #InfoSec https://t.co/gz6r1Tcqv4

    @cybercronai

    7 May 2025

    6 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. 🚨Alert🚨 CVE-2025-24977: Critical RCE Flaw in OpenCTI Platform Exposes Infrastructure to Root-Level Attacks 📊3.2K+ Services are found on the https://t.co/ysWb28BTvF yearly. 🔗Hunter Link:https://t.co/5zGUeGnY3m 👇Query HUNTER : https://t.co/q9rtuGfZuz="OpenCTI" FOFA :

    @HunterMapping

    7 May 2025

    3800 Impressions

    20 Retweets

    48 Likes

    26 Bookmarks

    0 Replies

    0 Quotes

  7. CVE-2025-24977: Critical RCE Flaw in OpenCTI Platform Exposes Infrastructure to Root-Level Attacks https://t.co/lpSToj0aJR

    @the_yellow_fall

    7 May 2025

    1981 Impressions

    18 Retweets

    57 Likes

    13 Bookmarks

    0 Replies

    0 Quotes

  8. Good kids, everyone, update after Golden Week ends~ > A critical vulnerability (CVE-2025-24977) with a CVSS score of 9.1 has been discovered in OpenCTI versions prior to 6.4.11 Secure OpenCTI by updating to version 6.4.11 now https://t.co/8Z5m9UDwMz

    @strinsert1Na

    6 May 2025

    1602 Impressions

    4 Retweets

    17 Likes

    4 Bookmarks

    0 Replies

    0 Quotes

  9. CVE-2025-24977 OpenCTI Web-Hook Vulnerability Allows Root Shell and Infrastructure Acce... https://t.co/WPfn1MoPRR Vulnerability Notification: https://t.co/xhLrNnfyrO

    @VulmonFeeds

    5 May 2025

    16 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. 🚨Critical Vulnerability in OpenCTI (CVE-2025-24977) Allows Infrastructure Takeover via Webhook Abuse https://t.co/fyGyDine1i

    @DarkWebInformer

    5 May 2025

    3388 Impressions

    3 Retweets

    14 Likes

    4 Bookmarks

    1 Reply

    0 Quotes

  11. [CVE-2025-24977: CRITICAL] OpenCTI, a cyber threat intelligence platform, had a security flaw allowing users to execute commands and access server secrets. Update to version 6.4.11 to fix this vulnerability. #cve, CVE-2025-24977, #cybersecurity https://t.co/SjSM6Xr18e https://t.co/n

    @CveFindCom

    5 May 2025

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. CVE-2025-24977 OpenCTI is an open cyber threat intelligence (CTI) platform. Prior to version 6.4.11 any user with the capability `manage customizations` can execute commands on the … https://t.co/ouC8tv8U5H

    @CVEnew

    5 May 2025

    261 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations