PYSEC-2025-180

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/pycti/PYSEC-2025-180.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2025-180

Aliases

CVE-2025-26621

Related

GHSA-gq63-jm3h-374p
GHSA-mf88-g2wq-p7qm

Published

2025-05-19T16:15:28.560Z

Modified

2026-05-20T09:19:14.289613Z

Severity

6.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.5.2, any user with the capability manage customizations can edit webhook that will execute javascript code. This can be abused to cause a denial of service attack by prototype pollution, making the node js server running the OpenCTI frontend become unavailable. Version 6.5.2 fixes the issue.

References

Affected packages

PyPI / pycti

Package

Name: pycti; View open source insights on deps.dev
Purl: pkg:pypi/pycti

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.5.2

Affected versions

1.*

1.2.1

1.2.2

1.2.4

1.2.9

1.2.11

1.2.12

1.2.13

1.2.14

1.2.15

2.*

2.0.0

2.0.1

2.0.2

2.0.3

2.1.3

2.1.4

2.1.5

2.1.6

2.1.7

2.1.8

2.1.9

2.1.10

2.1.11

2.1.12

2.1.13

3.*

3.0.0

3.0.1

3.0.2

3.0.3

3.1.0

3.1.1

3.1.2

3.2.0

3.2.1

3.2.2

3.2.3

3.2.4

3.2.5

3.2.6

3.2.7

3.3.0

3.3.1

3.3.2

3.3.3

4.*

4.0.0

4.0.1

4.0.2

4.0.3

4.0.4

4.0.5

4.0.6

4.0.7

4.1.0

4.1.1

4.1.2

4.2.1

4.2.2

4.2.3

4.2.4

4.3.0

4.3.1

4.3.2

4.3.3

4.3.4

4.3.5

4.4.0

4.4.1

4.4.2

4.4.3

4.5.0

4.5.1

4.5.2

4.5.3

4.5.4

4.5.5

5.*

5.0.0

5.0.1

5.0.2

5.0.3

5.1.0

5.1.1

5.1.2

5.1.3

5.1.4

5.2.0

5.2.1

5.2.2

5.2.3

5.2.4

5.3.0

5.3.post5310

5.3.post5311

5.3.post5312

5.3.post5314

5.3.post5315

5.3.post5316

5.3.post5317

5.3.post5318

5.3.1

5.3.2

5.3.3

5.3.4

5.3.5

5.3.6

5.3.7

5.3.8

5.3.9

5.3.10

5.3.11

5.3.12

5.3.13

5.3.14

5.3.15

5.3.16

5.3.17

5.4.0

5.4.1

5.5.0

5.5.post551

5.5.post552

5.5.post553

5.5.post554

5.5.post555

5.5.post556

5.5.1

5.5.2

5.5.3

5.5.4

5.5.5

5.5.6

5.6.0

5.6.post560

5.6.post561

5.6.post562

5.6.1

5.6.2

5.7.0

5.7.post570

5.7.post571

5.7.post572

5.7.post573

5.7.post574

5.7.post575

5.7.post576

5.7.1

5.7.2

5.7.3

5.7.4

5.7.5

5.7.6

5.8.0

5.8.1

5.8.2

5.8.3

5.8.4

5.8.5

5.8.6

5.8.7

5.9.0

5.9.1

5.9.2

5.9.3

5.9.4

5.9.5

5.9.6

5.10.0

5.10.1

5.10.2

5.10.3

5.11.0

5.11.1

5.11.2

5.11.3

5.11.4

5.11.5

5.11.6

5.11.7

5.11.8

5.11.9

5.11.10

5.11.11

5.11.12

5.11.13

5.11.14

5.12.0

5.12.1

5.12.2

5.12.3

5.12.4

5.12.5

5.12.6

5.12.7

5.12.8

5.12.9

5.12.10

5.12.11

5.12.12

5.12.13

5.12.14

5.12.15

5.12.16

5.12.17

5.12.18

5.12.19

5.12.20

5.12.21

5.12.22

5.12.23

5.12.24

5.12.25

5.12.26

5.12.27

5.12.28

5.12.29

5.12.30

5.12.31

5.12.32

5.12.33

6.*

6.0.0

6.0.1

6.0.2

6.0.3

6.0.4

6.0.5

6.0.6

6.0.7

6.0.8

6.0.9

6.0.10

6.1.0

6.1.1

6.1.2

6.1.3

6.1.4

6.1.5

6.1.6

6.1.7

6.1.8

6.1.9

6.1.10

6.1.11

6.1.12

6.1.13

6.2.0

6.2.1

6.2.2

6.2.3

6.2.4

6.2.5

6.2.6

6.2.7

6.2.8

6.2.9

6.2.10

6.2.11

6.2.12

6.2.13

6.2.14

6.2.15

6.2.16

6.2.17

6.2.18

6.2.19

6.3.0

6.3.1

6.3.2

6.3.3

6.3.4

6.3.5

6.3.6

6.3.7

6.3.8

6.3.9

6.3.10

6.3.11

6.3.12

6.3.13

6.3.14

6.4.0

6.4.1

6.4.2

6.4.3

6.4.4

6.4.5

6.4.6

6.4.7

6.4.8

6.4.9

6.4.10

6.4.11

6.5.0

6.5.1

Database specific

source

"https://github.com/pypa/advisory-database/blob/main/vulns/pycti/PYSEC-2025-180.yaml"