CVE-2025-46732 MEDIUM

CVE-2025-46732: OpenCTI's GraphQL IDOR enables authenticated users to modify or delete notifications of other users

Vendor Opencti-Platform

Product opencti

Weakness CWE-285

Published July 18, 2025

Last update July 18, 2025

View on NVD All CVEs

CVSS base score

5.4/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.6.6, an IDOR vulnerability in the GrapQL `NotificationLineNotificationMarkReadMutation` and `NotificationLineNotificationDeleteMutation` mutations of OpenCTI allows an authenticated user to change the read status of a notification or delete a notification of another user in case he has knowledge of the UUID of the notification. When changing the read status of a notification, the user also receives the content of the notification they changed the read status of. Authenticated Users in OpenCTI can read, modify and delete notification of other users if they know the UUID of the notification. Version 6.6.6 fixes the issue.

Key dates

02Disclosure timeline

July 18, 2025 CVE published

July 18, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-46732

Related vulnerabilities

CVE-2025-46732: OpenCTI's GraphQL IDOR enables authenticated users to modify or delete notifications of other users

01Description

02Disclosure timeline

03References

04Related CVE