CVE-2025-61781

HIGH

Citeum Opencti < 6.8.1 - Incorrect Authorization

Title source: rule

Description

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.8.1, the GraphQL mutation "WorkspacePopoverDeletionMutation" allows users to delete workspace-related objects such as dashboards and investigation cases. However, the mutation lacks proper authorization checks to verify ownership of the targeted resources. An attacker can exploit this by supplying an active UUID of another user. Since the API does not validate whether the requester owns the resource, the mutation executes successfully, resulting in unauthorized deletion of the entire workspace. Version 6.8.1 fixes the issue.

References (1)

[Vendor Advisory] https://github.com/OpenCTI-Platform/opencti/security/advisories/GHSA-pr6m-q4g7-342c

Scores

CVSS v3 7.1

EPSS 0.0015

EPSS Percentile 34.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-566 CWE-285 CWE-915 CWE-863

Status published

Products (1)

citeum/opencti < 6.8.1

Published Jan 05, 2026

Tracked Since Feb 18, 2026