CVE-2025-29998

216.73.216.226

· Published 13/03/2025 12:15 · Modified 13/03/2025 12:15

Labels: CVE-2025-29998 2025-03-13 CVE-2025-29998 CWE-799 [email protected]

Essential information

Published: 13/03/2025 12:15
Modified: 13/03/2025 12:15
Author: —
Creator: —
CISA KEV: No
CWE: —
CVSS vector

Description

This vulnerability exists in the CAP back office application due to missing rate limiting on OTP requests in an API endpoint. An authenticated remote attacker could exploit this vulnerability by sending multiple OTP request through vulnerable API endpoint which could lead to the OTP bombing/flooding on the targeted system.

NVD status

Status: Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
cap / back office application	`cpe:2.3:a:cap:back_office_application::::::::`

CVE-2025-29998

Essential information

Description

NVD status

Affected products (CPE)

References