CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-29995: Account Takeover Vulnerability in CAP back office application

8.3 CVSS

Description

This vulnerability exists in the CAP back office application due to a weak password-reset mechanism implemented at API endpoints. An authenticated remote attacker with a valid login ID could exploit this vulnerability through vulnerable API endpoint which could lead to account takeover of targeted users.

Classification

CVE ID: CVE-2025-29995

CVSS Base Severity: HIGH

CVSS Base Score: 8.3

CVSS Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:L/SI:N/SA:N

Problem Types

CWE-640 Weak Password Recovery Mechanism for Forgotten Password

Affected Products

Vendor: Rising Technosoft

Product: CAP back office application

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.12% (probability of being exploited)

EPSS Percentile: 27.64% (scored less or equal to compared to others)

EPSS Date: 2025-04-11 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-29995
https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2025-0048

Timeline

2025-03-13 12:40:21 UTC
CVE

Account Takeover Vulnerability in CAP back office application