OpenCTI Denial-of-Service Vulnerability via Webhook Prototype Pollution
Vulnerability
A denial-of-service vulnerability has been identified in OpenCTI versions prior to 6.5.2. The issue arises when a user who holds the capability to manage customizations edits a webhook that executes JavaScript code. That capability can be exploited to cause prototype pollution, leaving the Node.js server that runs the OpenCTI frontend unavailable.
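The advisory names the vulnerability class (prototype pollution reached through attacker-influenced JavaScript) without describing the specific code path. The following is an added illustration of that class, not OpenCTI code and not a reproduction of the reported issue: the generic unguarded recursive merge that lets a JSON key such as `__proto__` reach `Object.prototype` (an assumed sink; the real webhook path is not shown on this page), beside a hardened merge and a runtime check a service can expose on a health endpoint. The sample payload and the `polluted` marker key are constructed for the demonstration.

```javascript
// Added example (not OpenCTI code): the prototype-pollution class behind the
// advisory above, shown as an unguarded recursive merge beside a hardened one.
// The webhook/JS-execution path in OpenCTI is not reproduced here; the merge
// below is an assumed, generic sink for attacker-controlled JSON.

const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// The "before" case: the classic unguarded deep merge. A JSON document with an
// own property named "__proto__" makes target["__proto__"] resolve to
// Object.prototype, so the nested keys land on every object in the process.
function unsafeMerge(target, source) {
  for (const key of Object.keys(source)) {
    const value = source[key];
    if (value && typeof value === 'object') {
      if (!target[key] || typeof target[key] !== 'object') target[key] = {};
      unsafeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Hardened merge: reject prototype-reaching keys outright, only descend into
// own properties of the target, and build fresh child objects without a prototype.
function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (FORBIDDEN_KEYS.has(key)) {
      throw new Error(`refusing to merge prototype-polluting key "${key}"`);
    }
    const value = source[key];
    if (value && typeof value === 'object' && !Array.isArray(value)) {
      const own = Object.prototype.hasOwnProperty.call(target, key);
      if (!own || !target[key] || typeof target[key] !== 'object') {
        target[key] = Object.create(null);
      }
      safeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Runtime check: an own property on Object.prototype that nobody defined is a
// sign the process has been polluted and should be restarted/investigated.
function isPrototypePolluted(probeKey) {
  return Object.prototype.hasOwnProperty.call(Object.prototype, probeKey);
}

// Constructed sample of untrusted JSON; "polluted" is a harmless marker key
// used only for this demonstration.
const SAMPLE_PAYLOAD = JSON.parse('{"name":"hook","__proto__":{"polluted":true}}');

// Runs the unsafe merge, observes the effect on an unrelated object, then cleans
// up so the rest of the process is left untouched. Returns what was observed.
function demonstrateUnsafe() {
  const before = isPrototypePolluted('polluted');
  unsafeMerge({}, SAMPLE_PAYLOAD);
  const unrelated = {};                     // never merged into, yet affected
  const leaked = unrelated.polluted === true;
  const after = isPrototypePolluted('polluted');
  delete Object.prototype.polluted;         // restore the shared prototype
  return { before, leaked, after, cleaned: !isPrototypePolluted('polluted') };
}

// Runs the hardened merge on the same payload; the forbidden key is rejected
// before anything can reach Object.prototype.
function demonstrateSafe() {
  let rejected = false;
  try {
    safeMerge({}, SAMPLE_PAYLOAD);
  } catch (e) {
    rejected = true;
  }
  return { rejected, polluted: isPrototypePolluted('polluted') };
}

console.log('unsafe:', demonstrateUnsafe());
console.log('safe:', demonstrateSafe());
```

The hardened merge illustrates why a polluted prototype is a whole-process problem: after `unsafeMerge` runs once, an object created anywhere in the server inherits the injected property, which is how code that never saw the payload can start misbehaving. Rejecting the three keys is the minimum; many deployments additionally call `Object.freeze(Object.prototype)` at startup, at the cost of breaking libraries that legitimately extend built-in prototypes.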
Impact
Exploitation of this vulnerability causes the Node.js server hosting the OpenCTI frontend to become unavailable, leading to a denial-of-service condition.
Remediation
Users can upgrade to OpenCTI version 6.5.2 or later to address this vulnerability.
Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM
Vulnerability Rating
Custom Algorithm
spread: 0.0
impact: 10.0
exploitability: 4.8
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.
