CVE-2025-29997

3/13/2025 12:15:14 PM
2 days ago
Reporter: vdisclose@cert-in.org.in
Modified: 3/13/2025 12:15:14 PM
Problem Data: CWE-863

Description

This vulnerability exists in the CAP back office application due to improper authorization checks on certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating the API request URL to gain unauthorized access to other user accounts.

CVSS Version 4.0

8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N
Attack Vector Network
Attack Complexity High
Privileges Required None
User Interaction None
Vulnerable System Confidentiality High
Vulnerable System Integrity None

EPSS

EPSS Score 0
EPSS Percentile 0

Note: The EPSS model relies on historical data and real-world exploit information to calculate the probability of exploitation. When a CVE is newly published, there isn't enough data available to determine its likelihood of being exploited. As a result, the EPSS score defaults to 0 until more information becomes available.