CVE-2025-29996

3/13/2025 12:15:13 PM
Reporter: vdisclose@cert-in.org.in
Modified: 3/13/2025 12:15:13 PM
Problem Data: CWE-288 (Authentication Bypass Using an Alternate Path or Channel)

Description

This vulnerability exists in the CAP back office application due to an improper implementation of the OTP verification mechanism in its API-based login. A remote attacker with valid credentials could exploit this vulnerability by manipulating the API request URL or payload. Successful exploitation could allow the attacker to bypass Two-Factor Authentication (2FA) for other user accounts.

CVSS Version 4.0

8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N
Attack Vector: Network
Attack Complexity: High
Attack Requirements: None
Privileges Required: None
User Interaction: None
Vulnerable System Confidentiality: High
Vulnerable System Integrity: None
Vulnerable System Availability: None
Subsequent System Confidentiality: Low
Subsequent System Integrity: None
Subsequent System Availability: None

EPSS

EPSS Score: 0
EPSS Percentile: 0

Note: The EPSS model relies on historical data and real-world exploit information to calculate the probability of exploitation. When a CVE is newly published, there is not yet enough data to estimate its likelihood of being exploited, so the EPSS score defaults to 0 until more information becomes available.