Threat Advisory

Critical RCE Flaw in OpenCTI Platform Exposes Infrastructure to Root-Level Attacks

Threat: Vulnerability
Targeted Region: Global
Targeted Sector: Technology & IT
Criticality: Critical

EXECUTIVE SUMMARY:
A critical remote code execution (RCE) vulnerability, tracked as CVE-2025-24977, has been disclosed in OpenCTI version 6.4.8. The flaw lies in the platform's web-hook feature, whose notification templates accept JavaScript: an authenticated user holding the capability to manage customizations can place arbitrary code in a web-hook template and have it executed by the OpenCTI server process. This gives the attacker the ability to run commands on the host and to read the process environment, which in Docker or Kubernetes deployments commonly carries database credentials, API tokens and other secrets. Such exploitation could grant root-level access to the host, with data theft and full compromise of the platform as the consequence.
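To illustrate the class of flaw described above, the following JavaScript (an added example, not OpenCTI's code) renders a web-hook template two ways. The unsafe renderer compiles the template into a JavaScript template literal, so anything inside ${...} executes with the server process's privileges and can read process.env; the hardened renderer treats the template as data and substitutes only {{dotted.path}} placeholders looked up on the event payload, so hostile text is emitted verbatim. The environment variable name, the event payload and the template strings are constructed for the demonstration, and the exact templating mechanism inside OpenCTI is not described on this page, so this shows the general pattern rather than the project's implementation.

```javascript
// Added example (not OpenCTI code): a web-hook template evaluated as
// JavaScript leaks secrets and enables RCE; a data-only renderer does not.
// Names, secret value and sample payload below are constructed.

// Constructed secret standing in for whatever the process has in its env
// (database passwords, admin tokens, cloud credentials in Docker/Kubernetes).
process.env.DEMO_SECRET_TOKEN = "constructed-secret-token";

// Constructed event payload, as a web-hook handler might receive it.
const SAMPLE_EVENT = {
  event: "create",
  entity: { type: "Indicator", name: "1.2.3.4", confidence: 80 },
};

// UNSAFE: the template is compiled into a JS template literal and executed
// with the runtime's full scope. Anything inside ${...} is code, so a user
// who can write templates can read process.env or reach other Node APIs.
function renderUnsafe(template, data) {
  // Equivalent to eval(): the template content runs as JavaScript.
  return new Function("data", "return `" + template + "`;")(data);
}

// SAFE: the template is data, not code. Only {{dotted.path}} placeholders are
// substituted, resolved by plain own-property lookup on the payload object.
// There is no evaluation step, so ${process.env...} is emitted as literal text.
const PLACEHOLDER = /\{\{\s*([A-Za-z0-9_]+(?:\.[A-Za-z0-9_]+)*)\s*\}\}/g;

function lookupPath(obj, path) {
  return path.split(".").reduce((cur, key) => {
    if (cur === null || typeof cur !== "object") return undefined;
    // Own properties only: refuses to walk constructor/__proto__ chains.
    return Object.prototype.hasOwnProperty.call(cur, key) ? cur[key] : undefined;
  }, obj);
}

function renderSafe(template, data) {
  return template.replace(PLACEHOLDER, (_, path) => {
    const value = lookupPath(data, path);
    if (value === undefined) return "";
    return typeof value === "object" ? JSON.stringify(value) : String(value);
  });
}

// A template body such as an attacker would submit: it looks like a normal
// notification but copies a process secret into the outgoing web-hook body.
const MALICIOUS_TEMPLATE =
  'New ${data.entity.type} ${data.entity.name}; env=${JSON.stringify(process.env.DEMO_SECRET_TOKEN)}';
const BENIGN_TEMPLATE =
  "New {{entity.type}} {{entity.name}} (confidence {{entity.confidence}})";

function demo() {
  return {
    unsafe: renderUnsafe(MALICIOUS_TEMPLATE, SAMPLE_EVENT),
    safe: renderSafe(BENIGN_TEMPLATE, SAMPLE_EVENT),
    // The same hostile template through the safe renderer: ${...} stays text.
    safeOnMalicious: renderSafe(MALICIOUS_TEMPLATE, SAMPLE_EVENT),
  };
}

console.log(demo());
```

The point the page makes about environment variables is visible in the `unsafe` result: the secret lands in the notification body with no exploit beyond writing a template. The safe renderer's lookup is restricted to own properties of the payload, so attempts such as `{{constructor.name}}` or `{{__proto__.x}}` resolve to nothing rather than to runtime internals.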

RECOMMENDATION:
We recommend upgrading to OpenCTI 6.4.11 or later. Until the upgrade is complete, limit the capability to manage customizations to trusted administrators and review existing web-hook templates for unexpected code.

REFERENCES:

The following reports contain further technical details:
https://securityonline.info/cve-2025-24977-critical-rce-flaw-in-opencti-platform-exposes-infrastructure-to-root-level-attacks/
