CVE-2025-1629 MEDIUM

CVE-2025-1629: Excitel Broadband Private my Excitel App One-Time Password excessive authentication

Vendor Excitel Broadband Private
Product my Excitel App
Weakness CWE-307 · Brute force
Published February 24, 2025
Last update February 24, 2025

CVSS base score

5.1/10
Attack vector Adjacent
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

A vulnerability was found in Excitel Broadband Private my Excitel App 3.13.0 on Android. It has been classified as problematic. Affected is an unknown function of the component One-Time Password Handler. The manipulation leads to improper restriction of excessive authentication attempts. The vendor was contacted early about this disclosure but did not respond in any way.

Key dates

02 Disclosure timeline

February 24, 2025 CVE published
February 24, 2025 Record updated