Q: Root Cause? (CWE/Flaw)

🛡️ **Root Cause**: **CWE-94** (Code Injection). The flaw allows abuse of the `manage customizations` permission to inject malicious code.

Q: Who is affected? (Versions/Components)

🏢 **Affected**: **OpenCTI Platform** (Product: opencti). Specifically versions **prior to 6.4.11**.

Q: What can hackers do? (Privileges/Data)

💀 **Attacker Capabilities**: With `manage customizations` rights, hackers can **execute commands** and **access confidential data** on the server.

Q: Is exploitation threshold high? (Auth/Config)

🔒 **Threshold**: **Medium**. Requires **High Privileges** (PR:H) but has **Low Complexity** (AC:L) and **No User Interaction** (UI:N).

Q: Is there a public Exp? (PoC/Wild Exploitation)

📦 **Public Exp?**: **No**. The `pocs` field is empty. No public Proof-of-Concept or wild exploitation detected yet.

Q: How to self-check? (Features/Scanning)

🔍 **Self-Check**: Scan for **OpenCTI versions < 6.4.11**. Check if users have `manage customizations` permissions enabled.

Q: Is it fixed officially? (Patch/Mitigation)

✅ **Fixed?**: **Yes**. Upgrade to **OpenCTI 6.4.11** or later. See GitHub Advisory GHSA-mf88-g2wq-p7qm.

Q: What if no patch? (Workaround)

⚠️ **No Patch?**: Restrict `manage customizations` permissions strictly. Disable or monitor **web-hooks** closely to prevent abuse.

Q: Is it urgent? (Priority Suggestion)

🔥 **Urgency**: **High**. CVSS Score is **Critical** (9.8). Immediate patching is recommended to prevent full server compromise.

Question 1

What is this vulnerability? (Essence + Consequences)

Accepted Answer

🚨 **Essence**: OpenCTI < 6.4.11 suffers from **Code Injection**. 📉 **Consequences**: Attackers can execute arbitrary commands and steal server-side secrets via web-hooks.

Question 2

Root Cause? (CWE/Flaw)

Accepted Answer

🛡️ **Root Cause**: **CWE-94** (Code Injection). The flaw allows abuse of the `manage customizations` permission to inject malicious code.

Question 3

Who is affected? (Versions/Components)

Accepted Answer

🏢 **Affected**: **OpenCTI Platform** (Product: opencti). Specifically versions **prior to 6.4.11**.

Question 4

What can hackers do? (Privileges/Data)

Accepted Answer

💀 **Attacker Capabilities**: With `manage customizations` rights, hackers can **execute commands** and **access confidential data** on the server.

Question 5

Is exploitation threshold high? (Auth/Config)

Accepted Answer

🔒 **Threshold**: **Medium**. Requires **High Privileges** (PR:H) but has **Low Complexity** (AC:L) and **No User Interaction** (UI:N).

Question 6

Is there a public Exp? (PoC/Wild Exploitation)

Accepted Answer

📦 **Public Exp?**: **No**. The `pocs` field is empty. No public Proof-of-Concept or wild exploitation detected yet.

Question 7

How to self-check? (Features/Scanning)

Accepted Answer

🔍 **Self-Check**: Scan for **OpenCTI versions < 6.4.11**. Check if users have `manage customizations` permissions enabled.

Question 8

Is it fixed officially? (Patch/Mitigation)

Accepted Answer

✅ **Fixed?**: **Yes**. Upgrade to **OpenCTI 6.4.11** or later. See GitHub Advisory GHSA-mf88-g2wq-p7qm.

Question 9

What if no patch? (Workaround)

Accepted Answer

⚠️ **No Patch?**: Restrict `manage customizations` permissions strictly. Disable or monitor **web-hooks** closely to prevent abuse.

Question 10

Is it urgent? (Priority Suggestion)

Accepted Answer

🔥 **Urgency**: **High**. CVSS Score is **Critical** (9.8). Immediate patching is recommended to prevent full server compromise.

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2025-24977 — AI Deep Analysis Summary

Q1What is this vulnerability? (Essence + Consequences)

Q2Root Cause? (CWE/Flaw)

Q3Who is affected? (Versions/Components)

Q4What can hackers do? (Privileges/Data)

Q5Is exploitation threshold high? (Auth/Config)

Q6Is there a public Exp? (PoC/Wild Exploitation)

Q7How to self-check? (Features/Scanning)

Q8Is it fixed officially? (Patch/Mitigation)

Q9What if no patch? (Workaround)

Q10Is it urgent? (Priority Suggestion)

Continue exploring