- Description
- OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.8.1, the GraphQL mutation "WorkspacePopoverDeletionMutation" allows users to delete workspace-related objects such as dashboards and investigation cases. However, the mutation lacks proper authorization checks to verify ownership of the targeted resources. An attacker can exploit this by supplying an active UUID of another user. Since the API does not validate whether the requester owns the resource, the mutation executes successfully, resulting in unauthorized deletion of the entire workspace. Version 6.8.1 fixes the issue.
- Source
- security-advisories@github.com
- NVD status
- Analyzed
- Products
- opencti
CVSS 3.1
- Type
- Primary
- Base score
- 9.1
- Impact score
- 5.2
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
- Severity
- CRITICAL
- Hype score
- Not currently trending
CVE-2025-61781 Unauthorized Workspace Deletion Vulnerability in OpenCTI Platform... https://t.co/CiiQzFY7S5 Customizable Vulnerability Alerts: https://t.co/U7998fz7yk
@VulmonFeeds
5 Jan 2026
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-61781 OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.8.1, the GraphQL mutation "WorkspacePopoverDel… https://t.co/9xxo8sG9t4
@CVEnew
5 Jan 2026
124 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citeum:opencti:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F79A2E14-8F36-47B3-9637-16A9A9EE2088",
"versionEndExcluding": "6.8.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]