What is the severity of CVE-2025-24887?

CVE-2025-24887 has been classified as a moderate severity vulnerability.

How do I fix CVE-2025-24887?

To fix CVE-2025-24887, upgrade OpenCTI to version 6.4.10 or later.

What versions of OpenCTI are affected by CVE-2025-24887?

OpenCTI versions from 6.4.8 to before 6.4.10 are affected by CVE-2025-24887.

What does the CVE-2025-24887 vulnerability allow an attacker to do?

CVE-2025-24887 allows a user to bypass allow/deny lists and modify attributes that should be unmodifiable.

Is there any known exploit for CVE-2025-24887?

As of now, there are no publicly disclosed exploits specifically targeting CVE-2025-24887.

Vulnerability/
CVE-2025-24887

medium

6.3

CWE

284 657

30/4/2025

2/5/2025

CVE-2025-24887: OpenCTI bypass of protected attribute update

First published: Wed Apr 30 2025(Updated: )

OpenCTI is an open-source cyber threat intelligence platform. In versions starting from 6.4.8 to before 6.4.10, the allow/deny lists can be bypassed, allowing a user to change attributes that are intended to be unmodifiable by the user. It is possible to toggle the `external` flag on/off and change the own token value for a user. It is also possible to edit attributes that are not in the allow list, such as `otp_qr` and `otp_activated`. If external users exist in the OpenCTI setup and the information about these users identities is sensitive, the above vulnerabilities can be used to enumerate existing user accounts as a standard low privileged user. This issue has been patched in version 6.4.10.

Credit: security-advisories@github.com

Affected Software	Affected Version	How to fix
OpenCTI	>=6.4.8<6.4.10

Never miss a vulnerability like this again

Reference Links

https://github.com/OpenCTI-Platform/opencti/security/advisories/GHSA-8262-pw2q-5qc3

Frequently Asked Questions

What is the severity of CVE-2025-24887?
CVE-2025-24887 has been classified as a moderate severity vulnerability.
How do I fix CVE-2025-24887?
To fix CVE-2025-24887, upgrade OpenCTI to version 6.4.10 or later.
What versions of OpenCTI are affected by CVE-2025-24887?
OpenCTI versions from 6.4.8 to before 6.4.10 are affected by CVE-2025-24887.
What does the CVE-2025-24887 vulnerability allow an attacker to do?
CVE-2025-24887 allows a user to bypass allow/deny lists and modify attributes that should be unmodifiable.
Is there any known exploit for CVE-2025-24887?
As of now, there are no publicly disclosed exploits specifically targeting CVE-2025-24887.

collector/mitre-cve
source/MITRE
agent/title
agent/references
agent/weakness
agent/description
agent/first-publish-date
agent/type
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
agent/softwarecombine
collector/nvd-api
source/NVD
agent/author
agent/severity
agent/last-modified-date
agent/source
agent/tags
agent/event
vendor/opencti
canonical/opencti

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.