
A critical security vulnerability has been identified in the OpenCTI Platform, an open-source solution used by organizations to manage cyber threat intelligence. The vulnerability, tracked as CVE-2025-24977 and assigned a severe CVSS score of 9.1, could allow attackers to execute commands on the hosting infrastructure and access sensitive secrets.
OpenCTI is designed to structure, store, organize and visualize technical and non-technical information about cyber threats. However, this newly discovered flaw poses a significant risk to organizations relying on the platform.
The vulnerability lies within the web-hook feature of OpenCTI. According to the advisory, the “web-hook feature in OpenCTI allows users to customise messages sent through web-hooks.” The functionality is “built upon javascript, which a user can enter in a web-hook template field.”
The core issue is that “a malicious user can abuse this to execute commands in the hosting environment on which OpenCTI is executing.” The advisory notes that “a protection layer has been added to guard against using external modules in the javascript code for the web hooks, but these can be bypassed.”
Furthermore, the advisory highlights a critical risk related to how OpenCTI is commonly deployed. “A common implementation of OpenCTI is to host it in containers, either directly in docker or in a Kubernetes cluster and in these setups sensitive secrets are passed to the container via environment variables. These environment variables are accessible from the web-hook javascript.” This means that attackers could potentially gain access to sensitive information stored within the container environment.
The potential impact of this vulnerability is severe. “Since the malicious user gets a root shell inside a container this opens up the infrastructure environment for further attacks and exposures.” Successful exploitation could lead to a wide range of malicious activities, including data breaches, system compromise, and lateral movement within the affected network.
The affected version of OpenCTI Platform is:
- 6.4.8
The patched version, which resolves this vulnerability, is:
- 6.4.11
Users of the OpenCTI Platform are strongly advised to upgrade their OpenCTI Platform instance to version 6.4.11 or later to mitigate the risk posed by CVE-2025-24977.