Home > Vulnerability Database > CVE-2025-46732

Mend.io Vulnerability Database

CVE-2025-46732

Good to know:

Date: July 18, 2025

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.6.6, an IDOR vulnerability in the GrapQL "NotificationLineNotificationMarkReadMutation" and "NotificationLineNotificationDeleteMutation" mutations of OpenCTI allows an authenticated user to change the read status of a notification or delete a notification of another user in case he has knowledge of the UUID of the notification. When changing the read status of a notification, the user also receives the content of the notification they changed the read status of. Authenticated Users in OpenCTI can read, modify and delete notification of other users if they know the UUID of the notification. Version 6.6.6 fixes the issue.

Severity Score

5.4

Related Resources (3)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-46732

Url: https://github.com/OpenCTI-Platform/opencti/security/advisories/GHSA-535g-qp2c-h7vp

Url: https://www.mend.io/vulnerability-database/CVE-2025-46732

Severity Score

5.4

Weakness Type (CWE)

Improper Authorization

CWE-285

Top Fix

Upgrade Version

Upgrade to version https://github.com/OpenCTI-Platform/opencti.git - 6.6.6

Learn More

CVSS v3.1

Base Score:	5.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-46732

Good to know:

Date: July 18, 2025

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?