216.73.216.128

CVE-2025-29995

· Published 13/03/2025 12:15 · Modified 13/03/2025 12:15

Labels: CVE-2025-29995 2025-03-13CVE-2025-29995CWE-640[email protected]

Essential information

Published
13/03/2025 12:15
Modified
13/03/2025 12:15
Author
Creator
CISA KEV
No
CWE

Description

This vulnerability exists in the CAP back office application due to a weak password-reset mechanism implemented at API endpoints. An authenticated remote attacker with a valid login ID could exploit this vulnerability through vulnerable API endpoint which could lead to account takeover of targeted users.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
* / cap back office application cpe:2.3:a:*:cap_back_office_application:*:*:*:*:*:*:*:*

References