{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-26621", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2025-02-12T14:51:02.719Z", "datePublished": "2025-05-19T16:01:50.419Z", "dateUpdated": "2025-05-19T18:01:05.372Z"}, "containers": {"cna": {"title": "OpenCTI vulnerable to Denial of Service through web hook", "problemTypes": [{"descriptions": [{"cweId": "CWE-94", "lang": "en", "description": "CWE-94: Improper Control of Generation of Code ('Code Injection')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/OpenCTI-Platform/opencti/security/advisories/GHSA-gq63-jm3h-374p", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/OpenCTI-Platform/opencti/security/advisories/GHSA-gq63-jm3h-374p"}, {"name": "https://github.com/OpenCTI-Platform/opencti/security/advisories/GHSA-mf88-g2wq-p7qm", "tags": ["x_refsource_MISC"], "url": "https://github.com/OpenCTI-Platform/opencti/security/advisories/GHSA-mf88-g2wq-p7qm"}], "affected": [{"vendor": "OpenCTI-Platform", "product": "opencti", "versions": [{"version": "< 6.5.2", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-05-19T16:01:50.419Z"}, "descriptions": [{"lang": "en", "value": "OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.5.2, any user with the capability manage customizations can edit webhook that will execute javascript code. This can be abused to cause a denial of service attack by prototype pollution, making the node js server running the OpenCTI frontend become unavailable. Version 6.5.2 fixes the issue."}], "source": {"advisory": "GHSA-gq63-jm3h-374p", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-19T17:54:44.526781Z", "id": "CVE-2025-26621", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-19T18:01:05.372Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-26621", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-19T17:54:44.526781Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-19T17:59:06.084Z"}}], "cna": {"title": "OpenCTI vulnerable to Denial of Service through web hook", "source": {"advisory": "GHSA-gq63-jm3h-374p", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "OpenCTI-Platform", "product": "opencti", "versions": [{"status": "affected", "version": "< 6.5.2"}]}], "references": [{"url": "https://github.com/OpenCTI-Platform/opencti/security/advisories/GHSA-gq63-jm3h-374p", "name": "https://github.com/OpenCTI-Platform/opencti/security/advisories/GHSA-gq63-jm3h-374p", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/OpenCTI-Platform/opencti/security/advisories/GHSA-mf88-g2wq-p7qm", "name": "https://github.com/OpenCTI-Platform/opencti/security/advisories/GHSA-mf88-g2wq-p7qm", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.5.2, any user with the capability manage customizations can edit webhook that will execute javascript code. This can be abused to cause a denial of service attack by prototype pollution, making the node js server running the OpenCTI frontend become unavailable. Version 6.5.2 fixes the issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "CWE-94: Improper Control of Generation of Code ('Code Injection')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-05-19T16:01:50.419Z"}}}, "cveMetadata": {"cveId": "CVE-2025-26621", "state": "PUBLISHED", "dateUpdated": "2025-05-19T18:01:05.372Z", "dateReserved": "2025-02-12T14:51:02.719Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2025-05-19T16:01:50.419Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.5.2, any user with the capability manage customizations can edit webhook that will execute javascript code. This can be abused to cause a denial of service attack by prototype pollution, making the node js server running the OpenCTI frontend become unavailable. Version 6.5.2 fixes the issue."}, {"lang": "es", "value": "OpenCTI es una plataforma de c\u00f3digo abierto para gestionar el conocimiento y los observables de inteligencia sobre ciberamenazas. Antes de la versi\u00f3n 6.5.2, cualquier usuario con la capacidad de gestionar personalizaciones pod\u00eda editar un webhook que ejecutar\u00eda c\u00f3digo JavaScript. Esto puede utilizarse para provocar un ataque de denegaci\u00f3n de servicio mediante la contaminaci\u00f3n del prototipo, lo que hace que el servidor Node.js que ejecuta el frontend de OpenCTI deje de estar disponible. La versi\u00f3n 6.5.2 soluciona este problema."}], "id": "CVE-2025-26621", "lastModified": "2025-05-21T20:25:16.407", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 4.7, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2025-05-19T16:15:28.560", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/OpenCTI-Platform/opencti/security/advisories/GHSA-gq63-jm3h-374p"}, {"source": "security-advisories@github.com", "url": "https://github.com/OpenCTI-Platform/opencti/security/advisories/GHSA-mf88-g2wq-p7qm"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}