Impact
Mythic versions before 3.4.0.60 have an authorization bypass in four REST endpoints that allow an operator to access the C2 profile configuration of another operation by providing a payload UUID that they do not own. The attacker can retrieve secrets such as encryption keys and callback parameters, potentially enabling them to intercept, modify, or inject traffic into the target operation's C2 communications. Because the endpoints return sensitive configuration data without verifying ownership of the payload, the flaw compromises the confidentiality of the target operation's control channel. The weakness is categorized as CWE-862.
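The missing ownership check described above, shown next to a scoped lookup and a regression check, as an added example (not Mythic's code or its fix). The types, function names, UUIDs and key values are all hypothetical and constructed for illustration.

```go
package main

import "errors"
import "fmt"

// Hypothetical model, not Mythic's schema; all names and values are constructed.
type Payload struct {
	OperationID int
	C2Config    map[string]string // encryption keys, callback parameters
}
type Operator struct{ CurrentOperationID int }
type lookupFn func(Operator, string) (map[string]string, error)
var ErrNotFound = errors.New("payload not found")
var store = map[string]Payload{
	"uuid-op1": {1, map[string]string{"enc_key": "KEY-OP1"}},
	"uuid-op2": {2, map[string]string{"enc_key": "KEY-OP2"}},
}

// ConfigUnchecked models the flaw: the payload UUID alone selects the record.
func ConfigUnchecked(_ Operator, payloadUUID string) (map[string]string, error) {
	if p, ok := store[payloadUUID]; ok {
		return p.C2Config, nil
	}
	return nil, ErrNotFound
}

// ConfigAuthorized also checks ownership; unknown and foreign UUIDs fail identically.
func ConfigAuthorized(op Operator, payloadUUID string) (map[string]string, error) {
	if p, ok := store[payloadUUID]; ok && p.OperationID == op.CurrentOperationID {
		return p.C2Config, nil
	}
	return nil, ErrNotFound
}

// LeaksAcrossOperations is a regression check for reads that cross operation boundaries.
func LeaksAcrossOperations(lookup lookupFn, ops []Operator) bool {
	for _, op := range ops {
		for id, p := range store {
			if _, err := lookup(op, id); err == nil && p.OperationID != op.CurrentOperationID {
				return true
			}
		}
	}
	return false
}

func main() {
	ops := []Operator{{1}, {2}}
	fmt.Println(LeaksAcrossOperations(ConfigUnchecked, ops), LeaksAcrossOperations(ConfigAuthorized, ops))
}
```

Running the same check against every handler that accepts a payload UUID catches an endpoint that skips the ownership comparison.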
Affected Systems
This issue affects Mythic applications from the its-a-feature vendor. Any installation running a version older than 3.4.0.60 is potentially vulnerable. The specific endpoints impacted are c2profile_config_check_webhook, c2profile_redirect_rules_webhook, c2profile_get_ioc_webhook, and c2profile_sample_message_webhook.
Risk and Exploitability
The CVSS score for this issue is 6, indicating medium severity. The EPSS score is currently unavailable, so the probability of exploitation is unclear. The vulnerability is not listed in the CISA KEV catalog. The attack path requires an authenticated operator who already has access to the Mythic console and can call the affected endpoints with a payload UUID from a different operation. Successful exploitation requires at least operator privileges and knowledge of a valid payload UUID from another operation, which points to a moderate likelihood of exploitation in environments where multiple independent operations run on a single Mythic instance.
OpenCVE Enrichment