What is CVE-2025-24977?

CVE-2025-24977 is a critical-severity vulnerability in Opencti-platform Opencti, classified under Code Injection. CVSS score: 9.1/10. Published 2025-05-05.

How severe is CVE-2025-24977?

Critical severity. CVSS v3 base score is 9.1 out of 10.

RCE in Opencti-platform Opencti

CVE-2025-24977

OpenCTI is an open cyber threat intelligence (CTI) platform. Prior to version 6.4.11 any user with the capability `manage customizations` can execute commands on the underlying infrastructure where OpenCTI is hosted and can access internal…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.005 (67.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.1 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H.

Affected products

Opencti-platform Opencti — versions < 6.4.11

Weakness classification (CWE)

CWE-94 — Code Injection

References

https://github.com/OpenCTI-Platform/opencti/security/advisories/GHSA-mf88-g2wq-p7qm (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2025-24977?: CVE-2025-24977 is a critical-severity vulnerability in Opencti-platform Opencti, classified under Code Injection. CVSS score: 9.1/10. Published 2025-05-05.
How severe is CVE-2025-24977?: Critical severity. CVSS v3 base score is 9.1 out of 10.