216.73.217.86

CVE-2025-29996

· Published 13/03/2025 12:15 · Modified 13/03/2025 12:15

Labels: CVE-2025-29996 2025-03-13CVE-2025-29996CWE-288[email protected]

Essential information

Published
13/03/2025 12:15
Modified
13/03/2025 12:15
Author
Creator
CISA KEV
No
CWE

Description

This vulnerability exists in the CAP back office application due to improper implementation of OTP verification mechanism in its API based login. A remote attacker with valid credentials could exploit this vulnerability by manipulating API request URL/payload. Successful exploitation of this vulnerability could allow the attacker to bypass Two-Factor Authentication (2FA) for other user accounts.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
* / cap back office application cpe:2.3:a:*:cap_back_office_application:*:*:*:*:*:*:*:*

References