CVE-2025-24977

Published May 5, 2025

Last updated 5 days ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-24977 is a vulnerability found in OpenCTI, a cyber threat intelligence platform, up to version 6.4.10. It stems from a code injection flaw within the web-hook feature, where users with 'manage customizations' privileges can misuse web-hooks. This allows them to execute commands on the underlying infrastructure and gain access to internal server-side secrets. The vulnerability effectively grants a malicious user a root shell inside a container, potentially exposing the entire infrastructure to further attacks. A common setup of OpenCTI involves hosting it in containers, where sensitive secrets are passed via environment variables, which makes those secrets easier to reach once the flaw is exploited. OpenCTI version 6.4.11 addresses this vulnerability.

Description
OpenCTI is an open cyber threat intelligence (CTI) platform. Prior to version 6.4.11, any user with the capability `manage customizations` can execute commands on the underlying infrastructure where OpenCTI is hosted and can access internal server-side secrets by misusing the web-hooks. Since the malicious user gets a root shell inside a container, this opens up the infrastructure environment for further attacks and exposures. Version 6.4.11 fixes the issue.
Source: security-advisories@github.com
NVD status: Awaiting Analysis

Risk scores

CVSS 3.1

Type: Secondary
Base score: 9.1
Impact score: 6
Exploitability score: 2.3
Vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

security-advisories@github.com: CWE-94

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score: 1

  1. ⚡️The vulnerability details are now available: https://t.co/t2IYwwUA5a 🚨🚨CVE-2025-24977 (CVSS 9.1) exposes OpenCTI to devastating RCE attacks! Any user with "manage customizations" can hijack webhooks to run root-level commands, steal server secrets, and unleash chaos

    @zoomeye_team

    9 May 2025


  2. 🚨 CVE-2025-24977 (CVSS 9.1) hits OpenCTI! Critical Webhook flaw enables remote command execution, risking infrastructure takeover. Update to version 6.4.11 now! 🔒 https://t.co/N7jPLVRKgX #CyberSec #OpenCTI

    @_F2po_

    8 May 2025


  3. Warning: Critical Code Injection in #OpenCTI. #CVE-2025-24977 CVSS: 9.1. It can lead to arbitrary command execution and lateral movement. See advisory: https://t.co/ZMvyYmRICI #Patch #Patch #Patch

    @CCBalert

    7 May 2025


  4. 🚨 CVE-2025-24977 ⚠️🔴 CRITICAL (9.1) 🏢 OpenCTI-Platform - opencti 🏗️ < 6.4.11 🔗 https://t.co/NRh6lukT3R #CyberCron #VulnAlert #InfoSec https://t.co/gz6r1Tcqv4

    @cybercronai

    7 May 2025


  5. 🚨Alert🚨 CVE-2025-24977: Critical RCE Flaw in OpenCTI Platform Exposes Infrastructure to Root-Level Attacks 📊3.2K+ Services are found on the https://t.co/ysWb28BTvF yearly. 🔗Hunter Link:https://t.co/5zGUeGnY3m 👇Query HUNTER : https://t.co/q9rtuGfZuz="OpenCTI" FOFA :

    @HunterMapping

    7 May 2025


  6. CVE-2025-24977: Critical RCE Flaw in OpenCTI Platform Exposes Infrastructure to Root-Level Attacks https://t.co/lpSToj0aJR

    @the_yellow_fall

    7 May 2025


  7. Good kids, everyone, be sure to update once Golden Week is over~ > A critical vulnerability (CVE-2025-24977) with a CVSS score of 9.1 has been discovered in OpenCTI versions prior to 6.4.11 Secure OpenCTI by updating to version 6.4.11 now https://t.co/8Z5m9UDwMz

    @strinsert1Na

    6 May 2025


  8. CVE-2025-24977 OpenCTI Web-Hook Vulnerability Allows Root Shell and Infrastructure Acce... https://t.co/WPfn1MoPRR Vulnerability Notification: https://t.co/xhLrNnfyrO

    @VulmonFeeds

    5 May 2025


  9. 🚨Critical Vulnerability in OpenCTI (CVE-2025-24977) Allows Infrastructure Takeover via Webhook Abuse https://t.co/fyGyDine1i

    @DarkWebInformer

    5 May 2025


  10. [CVE-2025-24977: CRITICAL] OpenCTI, a cyber threat intelligence platform, had a security flaw allowing users to execute commands and access server secrets. Update to version 6.4.11 to fix this vulnerability.#cve,CVE-2025-24977,#cybersecurity https://t.co/SjSM6Xr18e https://t.co/n

    @CveFindCom

    5 May 2025


  11. CVE-2025-24977 OpenCTI is an open cyber threat intelligence (CTI) platform. Prior to version 6.4.11 any user with the capability `manage customizations` can execute commands on the … https://t.co/ouC8tv8U5H

    @CVEnew

    5 May 2025
