CVE-2025-24977

CRITICAL Year: 2025
CVSS v3 Score
9.1
Critical
Weakness Type
CWE-94
View all →

Vulnerability Description

OpenCTI is an open cyber threat intelligence (CTI) platform. Prior to version 6.4.11 any user with the capability `manage customizations` can execute commands on the underlying infrastructure where OpenCTI is hosted and can access internal server side secrets by misusing the web-hooks. Since the malicious user gets a root shell inside a container this opens up the the infrastructure environment for further attacks and exposures. Version 6.4.11 fixes the issue.

Related Vulnerabilities

CVE-2017-2968

CRITICAL
CVSS:9.1(Critical)

Adobe Campaign versions 16.4 Build 8724 and earlier have a code injection vulnerability.

CWE-942017

CVE-2019-0330

CRITICAL
CVSS:9.1(Critical)

The OS Command Plugin in the transaction GPA_ADMIN and the OSCommand Console of SAP Diagnostic Agent (LM-Service), version 7.2, allow an attacker to inject code that can be executed by the application...

CWE-942019

CVE-2019-18582

CRITICAL
CVSS:9.1(Critical)

Dell EMC Data Protection Advisor versions 6.3, 6.4, 6.5, 18.2 versions prior to patch 83, and 19.1 versions prior to patch 71 contain a server-side template injection vulnerability in the REST API. A ...

CWE-942019

CVE-2019-6816

CRITICAL
CVSS:9.1(Critical)

In Modicon Quantum all firmware versions, a CWE-94: Code Injection vulnerability could cause an unauthorized firmware modification with possible Denial of Service when using Modbus protocol.

CWE-942019

CVE-2020-12013

CRITICAL
CVSS:9.1(Critical)

A specially crafted WCF client that interfaces to the may allow the execution of certain arbitrary SQL commands remotely. This affects: Mitsubishi Electric MC Works64 Version 4.02C (10.95.208.31) and ...

CWE-942020

CVE-2020-6318

CRITICAL
CVSS:9.1(Critical)

A Remote Code Execution vulnerability exists in the SAP NetWeaver (ABAP Server, up to release 7.40) and ABAP Platform (> release 7.40).Because of this, an attacker can exploit these products via Code ...

CWE-942020