CVE-2025-61782

Medium CVSS: 5.4

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.8.3, an open redirect vulnerability exists in the OpenCTI platform's SAML authentication endpoint (/auth/saml/callback). By manipulating the RelayState parameter, an attacker can force the server to issue a 302 redirect to any external URL, enabling phishing, credential theft, and arbitrary site redirection. This issue has been patched in version 6.8.3.

Vendor

Citeum

Product

Opencti

CWE

CWE-601

Yayın Tarihi

2026-01-07 18:15:51

Güncelleme

2026-01-20 18:50:03

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-601 Opencti MEDIUM Citeum 2026

Referanslar

https://github.com/OpenCTI-Platform/opencti/commit/f755165a26888925c4a58018f7238ff92a0bd378 https://github.com/OpenCTI-Platform/opencti/releases/tag/6.8.3 https://github.com/OpenCTI-Platform/opencti/security/advisories/GHSA-jc3f-c62g-v7qw

Benzer Kayıtlar

Medium

CVE-2026-21886

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.…

High

CVE-2026-21887

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.8.16, th…

Medium

CVE-2020-37044

OpenCTI 3.3.1 is vulnerable to a reflected cross-site scripting (XSS) attack via the /graphql endpoint. An attacker can…

High

CVE-2020-37041

OpenCTI 3.3.1 is vulnerable to a directory traversal attack via the static/css endpoint. An unauthenticated attacker can…

High

CVE-2025-61781

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.…

Medium

CVE-2025-46732

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.…