CVE-2025-61782 MEDIUM

CVE-2025-61782: Open Redirect in OpenCTI's SAML Authentication Flow

Vendor Opencti-Platform
Product opencti
Weakness CWE-601 · Open redirect
Published January 7, 2026
Last update January 7, 2026

CVSS base score

5.4/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Description

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.8.3, an open redirect vulnerability exists in the OpenCTI platform's SAML authentication endpoint (/auth/saml/callback). By manipulating the RelayState parameter, an attacker can force the server to issue a 302 redirect to any external URL, enabling phishing, credential theft, and arbitrary site redirection. This issue has been patched in version 6.8.3.
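The root cause described above is a post-login redirect that trusts the SAML RelayState value verbatim. The example below is added here for illustration and is not OpenCTI's code or its 6.8.3 fix; it contrasts a handler that uses RelayState as the redirect target directly with one that only accepts a same-origin relative path and otherwise falls back to the application root. The origin https://opencti.example.test and all function names are assumptions.

```javascript
// Illustrative example, not OpenCTI code. Demonstrates why a SAML callback must
// validate RelayState before using it as a 302 Location.

// Assumed application origin (constructed placeholder).
const APP_ORIGIN = 'https://opencti.example.test';

// Vulnerable pattern: whatever arrives in RelayState becomes the Location header.
// An absolute or protocol-relative URL therefore redirects off-site (CWE-601).
function unsafeRedirectTarget(relayState) {
  return relayState || '/';
}

// Hardened pattern: accept only a local path and resolve it against the app
// origin; anything that is absent, malformed or leaves the origin becomes "/".
function safeRedirectTarget(relayState, fallback = '/') {
  if (typeof relayState !== 'string' || relayState.length === 0 || relayState.length > 2048) {
    return fallback;
  }
  // Require exactly one leading "/" not followed by "/" or "\":
  // "//host" is protocol-relative and "/\host" is parsed the same way by browsers.
  if (!/^\/(?![/\\])/.test(relayState)) {
    return fallback;
  }
  // Reject control characters and whitespace (CR/LF would corrupt the header).
  if (/[\u0000-\u001f\u007f\s]/.test(relayState)) {
    return fallback;
  }
  let resolved;
  try {
    resolved = new URL(relayState, APP_ORIGIN);
  } catch {
    return fallback;
  }
  // Belt and braces: the resolved URL must still sit on our origin.
  if (resolved.origin !== APP_ORIGIN) {
    return fallback;
  }
  // Re-emit only the path, query and fragment, never a scheme or host.
  return resolved.pathname + resolved.search + resolved.hash;
}

// Minimal stand-in for the SAML callback: returns the redirect the server would
// issue after a successful assertion, using the hardened validator.
function handleSamlCallback(relayState) {
  return { status: 302, location: safeRedirectTarget(relayState) };
}

// Constructed sample inputs a callback might receive.
const samples = [
  '/dashboard?tab=1',          // legitimate deep link, kept
  'https://attacker.example/', // absolute URL, rejected
  '//attacker.example/',       // protocol-relative URL, rejected
  '/\\attacker.example',       // backslash variant, rejected
  '/dashboard\r\nX: y',        // header injection attempt, rejected
  '',                          // missing value, falls back to "/"
];

for (const s of samples) {
  console.log(JSON.stringify(s), '->', JSON.stringify(handleSamlCallback(s).location));
}
```

A stricter alternative is to never carry the return path in RelayState at all: store the intended destination server-side (or in a signed, short-lived cookie) when the SAML request is initiated and ignore the inbound value entirely.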

Disclosure timeline

January 7, 2026 CVE published
January 7, 2026 Record updated
