CNNVD-202507-2438 Information

CNNVD ID

CNNVD-202507-2438

Related CVE

CVE-2025-46732

• CNNVD Published: 2025-07-18

Description (Chinese)

OpenCTI是OpenCTI开源的一个开放网络威胁情报平台。 OpenCTI 6.6.6之前版本存在授权问题漏洞，该漏洞源于IDOR漏洞，可能导致未授权访问或修改通知。

Description (English)

OpenCTI is an open web threat information platform for OpenCTI open sources. The previous version of OpenCTI 6.6.6 had a loophole in the delegation of authority, which originated in an IDOR loophole that could lead to unauthorized access or amendment of notifications.

Hazard Level

High

Vulnerability Type

授权问题

Affected Vendor

OpenCTI

Published

2025-07-18

Last Modified

2026-02-24

References

https://github.com/OpenCTI-Platform/opencti/security/advisories/GHSA-535g-qp2c-h7vp https://access.redhat.com/security/cve/cve-2025-46732

Patch

https://github.com/OpenCTI-Platform/opencti/releases