CVE-2025-29995

3/13/2025 12:15:13 PM
2 days ago
Reporter: vdisclose@cert-in.org.in
Modified: 3/13/2025 12:15:13 PM
Problem Data: CWE-640

Description

This vulnerability exists in the CAP back office application due to a weak password-reset mechanism implemented at API endpoints. An authenticated remote attacker with a valid login ID could exploit this vulnerability through the vulnerable API endpoint, which could lead to account takeover of targeted users.

CVSS Version 4.0

8.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:L/SI:N/SA:N
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Vulnerable System Confidentiality (VC): High
Vulnerable System Integrity (VI): None

EPSS

EPSS Score: 0
EPSS Percentile: 0

Note: The EPSS model relies on historical data and real-world exploit information to calculate the probability of exploitation. When a CVE is newly published, there is not yet enough data to determine how likely it is to be exploited, so the EPSS score defaults to 0 until more information becomes available.