CVE-2026-27960
OpenCTI · OpenCTI Platform
OpenCTI contains a privilege escalation vulnerability allowing unauthenticated attackers to query the API as any user, including the default administrator.
Executive summary
This critical privilege escalation vulnerability in OpenCTI enables unauthenticated attackers to gain administrative control over the platform, posing a severe risk to threat intelligence data.
Vulnerability
This is a privilege escalation vulnerability within the OpenCTI API authentication logic. It allows an unauthenticated remote attacker to bypass authorization checks and perform actions as any user, including the primary administrator.
Business impact
The ability for an unauthenticated actor to assume administrative privileges allows for full data exfiltration, deletion of threat intelligence, and potential persistent backdooring of the platform. With a CVSS score of 9.8, the impact is considered critical as it compromises the integrity and confidentiality of sensitive cybersecurity intelligence workflows.
Remediation
Immediate Action: Upgrade the OpenCTI platform to version 6.9.13 or later without delay to resolve the authentication bypass.
Proactive Monitoring: Audit API access logs for anomalous requests, particularly those originating from unknown IPs attempting to access administrative endpoints.
Compensating Controls: If patching is delayed, disable the default admin account using the APP__ADMIN__EXTERNALLY_MANAGED configuration setting to limit the attack surface.
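The two defender-side checks above (confirm the deployed version is at or past the fixed release, and review API access logs for administrative operations reaching the platform from unexpected sources or without an authenticated user) can be scripted. The following is an added example and not OpenCTI project code: the JSON-per-line log format, the field names, the operation names in ADMIN_OPERATIONS and the trusted networks are all constructed placeholders for illustration, not OpenCTI's real log schema or API names.

```python
"""Triage helper for the remediation guidance in this advisory.

Added example, not OpenCTI project code. The log record shape, field names,
operation names and network ranges below are constructed assumptions.
"""
import ipaddress
import json

# Fixed release named in the advisory (6.9.13).
FIXED_VERSION = (6, 9, 13)

# Assumed placeholder names for operations a defender treats as administrative.
ADMIN_OPERATIONS = {"userAdd", "roleEdit", "settingsEdit", "userSessionKill"}

# Constructed allowlist: networks from which administrative use is expected.
TRUSTED_NETWORKS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("192.168.1.0/24"),
]


def parse_version(text):
    """Turn '6.9.12', 'v6.9.12' or '6.9.12-rc1' into a comparable tuple."""
    core = text.strip().lstrip("v").split("-")[0]
    return tuple(int(part) for part in core.split("."))


def is_patched(version_text):
    """True when the deployed version is at or above the fixed release."""
    return parse_version(version_text) >= FIXED_VERSION


def is_trusted(ip_text):
    """True when the source address falls inside a trusted network."""
    try:
        address = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return any(address in network for network in TRUSTED_NETWORKS)


def triage(log_lines):
    """Flag administrative operations that arrive from an untrusted source
    or carry no authenticated user. Malformed lines are skipped."""
    findings = []
    for raw in log_lines:
        try:
            record = json.loads(raw)
        except json.JSONDecodeError:
            continue
        operation = record.get("operation")
        if operation not in ADMIN_OPERATIONS:
            continue
        source = record.get("src_ip", "")
        reasons = []
        if not is_trusted(source):
            reasons.append("untrusted source")
        if record.get("user") in (None, "", "anonymous"):
            reasons.append("no authenticated user")
        if reasons:
            findings.append({
                "time": record.get("time"),
                "src_ip": source,
                "operation": operation,
                "reasons": reasons,
            })
    return findings


# Constructed sample log lines (assumed format, not real OpenCTI output).
SAMPLE_LOG = [
    '{"time":"2026-03-01T10:00:00Z","src_ip":"10.1.2.3","user":"admin","operation":"userAdd"}',
    '{"time":"2026-03-01T10:05:00Z","src_ip":"203.0.113.7","user":"admin","operation":"userAdd"}',
    '{"time":"2026-03-01T10:07:00Z","src_ip":"192.168.1.20","user":"anonymous","operation":"settingsEdit"}',
    '{"time":"2026-03-01T10:09:00Z","src_ip":"203.0.113.9","user":"analyst","operation":"threats"}',
    'not a json line',
]

if __name__ == "__main__":
    print("patched:", is_patched("6.9.12"), is_patched("6.9.13"))
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

The version check uses plain tuple comparison so that 6.10.0 correctly sorts above 6.9.13; the log triage deliberately reports two independent reasons, since an administrative operation reaching the API without any authenticated principal is the condition this advisory is about, whereas an unexpected source address is the broader signal the remediation text asks you to review.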
Exploitation status
Public Exploit Available: No
Analyst recommendation
This vulnerability represents a significant risk to the security of your threat intelligence operations. Organizations should prioritize the deployment of the vendor-provided patch immediately to prevent unauthorized administrative access and potential platform compromise.