Vulenrability management

OpenCTI Web-Hook Flaw Enables Full System Compromise

Summary

OEM	Filigran
Severity	Critical
CVSS Score	9.1
CVEs	CVE-2025-24977
Actively Exploited	No
Exploited in Wild	No
Advisory Version	1.0

Overview

A critical vulnerability (CVE-2025-24977) in the OpenCTI Platform allows authenticated users with specific permissions to execute arbitrary commands on the host infrastructure, leading to potential full system compromise.

Vulnerability Name	CVE ID	Product Affected	Severity	Fixed Version
Webhook Remote Code Execution vulnerability	CVE-2025-24977	OpenCTI	Critical	6.4.11

Technical Summary

The vulnerability resides in OpenCTI’s webhook templating system, which is built on JavaScript. Users with elevated privileges can inject malicious JavaScript into web-hook templates.

Although the platform implements a basic sandbox to prevent the use of external modules, this protection can be bypassed, allowing attackers to gain command execution within the host container.

Due to common deployment practices using Docker or Kubernetes, where environment variables are used to pass sensitive data (eg: credentials, tokens), exploitation of this flaw may expose critical secrets and permit root-level access, leading to full infrastructure takeover.

CVE ID	System Affected	Vulnerability Details	Impact
CVE-2025-24977	OpenCTI (≤ v6.4.10)	The webhook feature allows JavaScript-based message customization. Users with manage customizations permission can craft malicious JavaScript in templates to bypass restrictions and execute OS-level commands. Since OpenCTI is often containerized, attackers can gain root access and extract sensitive environment variables passed to the container.	Root shell access in the container, exposure of sensitive secrets, full system compromise, lateral movement within infrastructure.

Remediation:

Upgrade: Immediately update to OpenCTI version 6.4.11 or later.
Restrict user permissions: Especially the manage customizations capability — limit access to trusted personnel only.
Review and audit: Existing webhook configurations for signs of misuse, unauthorized scripts, or suspicious behavior.
Implement container hardening practices: Reduce risk of secret exposure by:
- Avoiding storage of secrets in environment variables when possible.
- Using dedicated secret management tools.
- Running containers with least privilege and limiting runtime capabilities.

The misuse can grant the attacker a root shell inside a container, exposing internal server-side secrets and potentially compromising the entire infrastructure.

Conclusion:
CVE-2025-24977 presents a highly exploitable attack vector within the OpenCTI platform and must be treated as an urgent priority for remediation.

The combination of remote code execution, privileged access and secret exposure in containerized environments makes it especially dangerous.

Organizations leveraging OpenCTI should upgrade to the latest version without delay, review their deployment security posture, and enforce strict access control around webhook customization capabilities.

References:

Apache Parquet Java Vulnerability Enables Remote Code Execution via Avro Schema

Summary Security Advisory:

A high-severity remote code execution (RCE) has been identified in Apache Parquet Java, specifically within the parquet-avro module. Discovered by Apache contributor Gang Wu, this vulnerability affects all versions up to and including 1.15.1 and can allow attackers to execute arbitrary code when a system processes a specially crafted Parquet file. The issue is fixed in version 1.15.2.

OEM	Apache
Severity	High
CVSS Score	Not Available
CVEs	CVE-2025-46762
Actively Exploited	No
Exploited in Wild	No
Advisory Version	1.0

Overview

Apache Parquet is an open-source, columnar storage format designed for efficient data processing, widely used by big data platforms and organizations engaged in data engineering and analytics.

Vulnerability Name	CVE ID	Product Affected	Severity	Fixed Version
Remote Code Execution vulnerability	CVE-2025-46762	Apache Parquet Java	High	1.15.2

Technical Summary

CVE-2025-46762 arises from insecure schema parsing logic in the parquet-avro module of Apache Parquet Java. When the application uses the “specific” or “reflect” Avro data models to read a Parquet file, malicious actors can inject specially crafted metadata into the Avro schema portion of the file.

Upon deserialization, the system may inadvertently execute code from Java classes listed in the default trusted packages (e.g., java.util), resulting in remote code execution. The vulnerability is not present when using the safer “generic” Avro model.

CVE ID	System Affected	Vulnerability Details	Impact
CVE-2025-46762	Apache Parquet Java ≤1.15.1	Insecure deserialization in the parquet-avro module allows execution of arbitrary Java classes when processing Parquet files with embedded malicious Avro schemas. The issue is exploitable only when using the “specific” or “reflect” data models, and relies on the presence of pre-approved trusted packages like java.util.	Remote Code Execution (RCE), potential supply chain compromise, unauthorized code execution.

Conditions for Exploitation:

Applications must use parquet-avro to read Parquet files.

The Avro “specific” or “reflect” deserialization models are used (not “generic”).

Attacker-supplied or untrusted Parquet files are processed by the system.

This creates significant risk in data processing environments such as Apache Spark, Flink, and Hadoop, where external Parquet files are commonly ingested.

Remediation:

Upgrade to Apache Parquet Java version 1.15.2: This version addresses the vulnerability by tightening controls around trusted packages and blocking unsafe deserialization.

For users unable to upgrade immediately: apply the following JVM system property to disable trusted package deserialization:

-Dorg.apache.parquet.avro.SERIALIZABLE_PACKAGES=””

Conclusion:
CVE-2025-46762 presents a significant RCE threat within big data ecosystems that use Apache Parquet Java with the parquet-avro module. Systems relying on unsafe deserialization patterns are especially at risk. Prompt patching or configuration hardening is strongly recommended to safeguard against exploitation.

References:

https://lists.apache.org/thread/vr1h7dnr4jp2f1xhzzkwzcw49qgfgsyl

https://thecyberexpress.com/apache-parquet-java-flaw-cve-2025-46762/

WordPress Age Gate Plugin Critical Vulnerability (CVE-2025-2505) Affects Over 40,000 Websites

The Age Gate plugin for WordPress is vulnerable to Local PHP File Inclusion in all versions up to, and including, 3.5.3 via the ‘lang’ parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary PHP files on the server, allowing the execution of code in those files.

OEM	WordPress
Severity	Critical
CVSS score	9.8
CVEs	CVE-2025-2505
Exploited in Wild	No
Patch/Remediation Available	Yes
Advisory Version	1.0

Overview

A critical vulnerability (CVE-2025-2505) in the Age Gate plugin for WordPress allows unauthenticated Local PHP File Inclusion (LFI), potentially enabling remote code execution. This flaw affects all versions up to 3.5.3 and has been patched in version 3.5.4. Over 40,000 websites are affected by this vulnerability.

This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.

Vulnerability Name	CVE ID	Product Affected	Severity	Fixed Version
Improper Limitation of a Pathname to a Restricted Directory	CVE-2025-2505	Age Gate WordPress Plugin	Critical	v3.5.4

Technical Summary

The vulnerability exists due to improper limitation of pathname input, leading to an unauthenticated Local PHP File Inclusion (LFI) attack through the lang parameter. This flaw can be exploited by attackers to execute arbitrary PHP files, bypass access controls, and compromise server security.

CVE ID	System Affected	Vulnerability Details	Impact
CVE-2025-2505	WordPress websites using Age Gate Plugin (<=3.5.3)	Local PHP File Inclusion via ‘lang’ parameter allows execution of arbitrary PHP files.	Unauthorized code execution, data exfiltration, privilege escalation, potential full server compromise.

Remediation:

Update Age Gate plugin to version 3.5.4 or later as soon as possible.

Conclusion:

Attackers can potentially: – Include and execute arbitrary PHP files on the server – Bypass access controls – Obtain sensitive site data – Achieve remote code execution – Compromise the entire WordPress site’s integrity and availability

This vulnerability poses a severe risk to WordPress websites utilizing the Age Gate plugin. Prompt patching and proactive security measures are crucial to mitigating potential attacks.

Users are strongly advised to update to the latest version without delay to protect their websites from unauthorized code execution.

CVE-2025-2505 affects all versions of the Age Gate plugin for WordPress up to and including version 3.5.3.

References:

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/age-gate/age-gate-353-unauthenticated-local-php-file-inclusion-via-lang

https://wordpress.org/plugins/age-gate/

https://securityonline.info/critical-wordpress-plugin-vulnerability-exposes-over-40000-websites-to-code-execution-attacks/

Vulenrability management

OpenCTI Web-Hook Flaw Enables Full System Compromise

Apache Parquet Java Vulnerability Enables Remote Code Execution via Avro Schema

WordPress Age Gate Plugin Critical Vulnerability (CVE-2025-2505) Affects Over 40,000 Websites

Recent Posts

Recent Comments

Search

Recent Comments

Recent Posts

Archives