{"id":"CVE-2025-61782","summary":"Open Redirect in OpenCTI's SAML Authentication Flow","details":"OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.8.3, an open redirect vulnerability exists in the OpenCTI platform's SAML authentication endpoint (/auth/saml/callback). By manipulating the RelayState parameter, an attacker can force the server to issue a 302 redirect to any external URL, enabling phishing, credential theft, and arbitrary site redirection. This issue has been patched in version 6.8.3.","aliases":["GHSA-jc3f-c62g-v7qw"],"modified":"2026-04-02T12:57:27.723005Z","published":"2026-01-07T17:28:53.599Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/61xxx/CVE-2025-61782.json","cwe_ids":["CWE-601"],"cna_assigner":"GitHub_M"},"references":[{"type":"WEB","url":"https://github.com/OpenCTI-Platform/opencti/releases/tag/6.8.3"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/61xxx/CVE-2025-61782.json"},{"type":"ADVISORY","url":"https://github.com/OpenCTI-Platform/opencti/security/advisories/GHSA-jc3f-c62g-v7qw"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-61782"},{"type":"FIX","url":"https://github.com/OpenCTI-Platform/opencti/commit/f755165a26888925c4a58018f7238ff92a0bd378"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/opencti-platform/opencti","events":[{"introduced":"0"},{"fixed":"5594b6bd796b91674d7846b64ff1308f1a3e4d8b"}]}],"versions":["1.0.0","1.0.1","1.0.2","1.1.0","1.1.1","1.1.2","2.0.0","2.0.1","2.0.2","2.1.0","2.1.1","2.1.2","2.1.3","2.1.4","3.0.0","3.0.1","3.0.2","3.0.3","3.1.0","3.2.0","3.2.1","3.2.2","3.3.0","3.3.1","3.3.2","4.0.0","4.0.1","4.0.2","4.0.3","4.0.4","4.0.5","4.0.6","4.0.7","4.1.0","4.1.1","4.1.2","4.2.0","4.2.1","4.2.2","4.2.3","4.2.4","4.3.0","4.3.1","4.3.2","4.3.3","4.3.4","4.3.5","4.4.0","4.4.1","4.5.0","4.5.1","4.5.2","4.5.3","4.5.4","4.5.5","5.0.0","5.0.1","5.0.2","5.0.3","5.1.0","5.1.1","5.1.2","5.1.3","5.1.4","5.10.0","5.10.1","5.10.2","5.10.3","5.11.0","5.11.1","5.11.10","5.11.11","5.11.12","5.11.13","5.11.14","5.11.2","5.11.3","5.11.4","5.11.5","5.11.6","5.11.7","5.11.8","5.11.9","5.12.0","5.12.1","5.12.10","5.12.11","5.12.12","5.12.13","5.12.14","5.12.15","5.12.16","5.12.17","5.12.18","5.12.19","5.12.2","5.12.20","5.12.21","5.12.22","5.12.23","5.12.24","5.12.25","5.12.26","5.12.27","5.12.28","5.12.29","5.12.3","5.12.30","5.12.31","5.12.32","5.12.33","5.12.4","5.12.5","5.12.6","5.12.7","5.12.8","5.12.9","5.2.0","5.2.1","5.2.2","5.2.3","5.2.4","5.3.0","5.3.1","5.3.10","5.3.11","5.3.12","5.3.13","5.3.14","5.3.15","5.3.16","5.3.17","5.3.2","5.3.3","5.3.4","5.3.5","5.3.6","5.3.7","5.3.8","5.3.9","5.4.0","5.4.1","5.5.0","5.5.1","5.5.2","5.5.3","5.5.4","5.6.0","5.6.1","5.6.2","5.7.0","5.7.1","5.7.2","5.7.3","5.7.4","5.7.5","5.7.6","5.8.0","5.8.1","5.8.2","5.8.3","5.8.4","5.8.5","5.8.6","5.8.7","5.9.0","5.9.1","5.9.2","5.9.3","5.9.4","5.9.5","5.9.6","6.0.0","6.0.1","6.0.10","6.0.2","6.0.3","6.0.4","6.0.5","6.0.6","6.0.7","6.0.8","6.0.9","6.1.0","6.1.1","6.1.10","6.1.11","6.1.12","6.1.13","6.1.2","6.1.3","6.1.4","6.1.5","6.1.6","6.1.7","6.1.8","6.1.9","6.2.0","6.2.1","6.2.10","6.2.11","6.2.12","6.2.13","6.2.14","6.2.15","6.2.16","6.2.17","6.2.18","6.2.19","6.2.2","6.2.3","6.2.4","6.2.5","6.2.6","6.2.7","6.2.7-hotfix","6.2.8","6.2.9","6.3.0","6.3.1","6.3.10","6.3.11","6.3.12","6.3.13","6.3.14","6.3.3","6.3.4","6.3.5","6.3.6","6.3.7","6.3.8","6.3.9","6.4.0","6.4.1","6.4.10","6.4.11","6.4.2","6.4.3","6.4.4","6.4.5","6.4.6","6.4.7","6.4.8","6.4.9","6.5.0","6.5.1","6.5.10","6.5.11","6.5.2","6.5.3","6.5.4","6.5.5","6.5.6","6.5.7","6.5.8","6.5.9","6.6.0","6.6.1","6.6.10","6.6.11","6.6.12","6.6.13","6.6.14","6.6.15","6.6.16","6.6.17","6.6.18","6.6.2","6.6.3","6.6.4","6.6.5","6.6.6","6.6.7","6.6.8","6.6.9","6.7.0","6.7.1","6.7.10","6.7.11","6.7.12","6.7.13","6.7.14","6.7.15","6.7.16","6.7.17","6.7.18","6.7.19","6.7.2","6.7.20","6.7.3","6.7.4","6.7.5","6.7.6","6.7.7","6.7.8","6.7.9","6.8.0","6.8.1","6.8.2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-61782.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"}]}