PYSEC-2025-181
See a problem?- Import Source
- https://github.com/pypa/advisory-database/blob/main/vulns/pycti/PYSEC-2025-181.yaml
- JSON Data
- https://api.osv.dev/v1/vulns/PYSEC-2025-181
- Aliases
-
- CVE-2025-46732
- GHSA-535g-qp2c-h7vp
- Published
- 2025-07-18T15:15:27.200Z
- Modified
- 2026-05-20T09:19:14.359055Z
- Severity
-
- 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.6.6, an IDOR vulnerability in the GrapQL
NotificationLineNotificationMarkReadMutationandNotificationLineNotificationDeleteMutationmutations of OpenCTI allows an authenticated user to change the read status of a notification or delete a notification of another user in case he has knowledge of the UUID of the notification. When changing the read status of a notification, the user also receives the content of the notification they changed the read status of. Authenticated Users in OpenCTI can read, modify and delete notification of other users if they know the UUID of the notification. Version 6.6.6 fixes the issue. - References
Affected packages
PyPI / pycti
Package
- Name
- pycti
- View open source insights on deps.dev
- Purl
- pkg:pypi/pycti
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed6.6.6
Affected versions
1.*
1.2.1
1.2.2
1.2.4
1.2.9
1.2.11
1.2.12
1.2.13
1.2.14
1.2.15
2.*
2.0.0
2.0.1
2.0.2
2.0.3
2.1.3
2.1.4
2.1.5
2.1.6
2.1.7
2.1.8
2.1.9
2.1.10
2.1.11
2.1.12
2.1.13
3.*
3.0.0
3.0.1
3.0.2
3.0.3
3.1.0
3.1.1
3.1.2
3.2.0
3.2.1
3.2.2
3.2.3
3.2.4
3.2.5
3.2.6
3.2.7
3.3.0
3.3.1
3.3.2
3.3.3
4.*
4.0.0
4.0.1
4.0.2
4.0.3
4.0.4
4.0.5
4.0.6
4.0.7
4.1.0
4.1.1
4.1.2
4.2.1
4.2.2
4.2.3
4.2.4
4.3.0
4.3.1
4.3.2
4.3.3
4.3.4
4.3.5
4.4.0
4.4.1
4.4.2
4.4.3
4.5.0
4.5.1
4.5.2
4.5.3
4.5.4
4.5.5
5.*
5.0.0
5.0.1
5.0.2
5.0.3
5.1.0
5.1.1
5.1.2
5.1.3
5.1.4
5.2.0
5.2.1
5.2.2
5.2.3
5.2.4
5.3.0
5.3.post5310
5.3.post5311
5.3.post5312
5.3.post5314
5.3.post5315
5.3.post5316
5.3.post5317
5.3.post5318
5.3.1
5.3.2
5.3.3
5.3.4
5.3.5
5.3.6
5.3.7
5.3.8
5.3.9
5.3.10
5.3.11
5.3.12
5.3.13
5.3.14
5.3.15
5.3.16
5.3.17
5.4.0
5.4.1
5.5.0
5.5.post551
5.5.post552
5.5.post553
5.5.post554
5.5.post555
5.5.post556
5.5.1
5.5.2
5.5.3
5.5.4
5.5.5
5.5.6
5.6.0
5.6.post560
5.6.post561
5.6.post562
5.6.1
5.6.2
5.7.0
5.7.post570
5.7.post571
5.7.post572
5.7.post573
5.7.post574
5.7.post575
5.7.post576
5.7.1
5.7.2
5.7.3
5.7.4
5.7.5
5.7.6
5.8.0
5.8.1
5.8.2
5.8.3
5.8.4
5.8.5
5.8.6
5.8.7
5.9.0
5.9.1
5.9.2
5.9.3
5.9.4
5.9.5
5.9.6
5.10.0
5.10.1
5.10.2
5.10.3
5.11.0
5.11.1
5.11.2
5.11.3
5.11.4
5.11.5
5.11.6
5.11.7
5.11.8
5.11.9
5.11.10
5.11.11
5.11.12
5.11.13
5.11.14
5.12.0
5.12.1
5.12.2
5.12.3
5.12.4
5.12.5
5.12.6
5.12.7
5.12.8
5.12.9
5.12.10
5.12.11
5.12.12
5.12.13
5.12.14
5.12.15
5.12.16
5.12.17
5.12.18
5.12.19
5.12.20
5.12.21
5.12.22
5.12.23
5.12.24
5.12.25
5.12.26
5.12.27
5.12.28
5.12.29
5.12.30
5.12.31
5.12.32
5.12.33
6.*
6.0.0
6.0.1
6.0.2
6.0.3
6.0.4
6.0.5
6.0.6
6.0.7
6.0.8
6.0.9
6.0.10
6.1.0
6.1.1
6.1.2
6.1.3
6.1.4
6.1.5
6.1.6
6.1.7
6.1.8
6.1.9
6.1.10
6.1.11
6.1.12
6.1.13
6.2.0
6.2.1
6.2.2
6.2.3
6.2.4
6.2.5
6.2.6
6.2.7
6.2.8
6.2.9
6.2.10
6.2.11
6.2.12
6.2.13
6.2.14
6.2.15
6.2.16
6.2.17
6.2.18
6.2.19
6.3.0
6.3.1
6.3.2
6.3.3
6.3.4
6.3.5
6.3.6
6.3.7
6.3.8
6.3.9
6.3.10
6.3.11
6.3.12
6.3.13
6.3.14
6.4.0
6.4.1
6.4.2
6.4.3
6.4.4
6.4.5
6.4.6
6.4.7
6.4.8
6.4.9
6.4.10
6.4.11
6.5.0
6.5.1
6.5.2
6.5.3
6.5.4
6.5.5
6.5.6
6.5.7
6.5.8
6.5.9
6.5.10
6.5.11
6.6.0
6.6.1
6.6.2
6.6.3
6.6.4
6.6.5