CVE-2025-26523 HIGH

CVE-2025-26523: Insufficient Authorization Vulnerability in RupeeWeb trading platform

Vendor Rupeeseed Technology Ventures
Product RupeeWeb
Weakness CWE-266
Published February 14, 2025
Last update February 14, 2025

CVSS base score

7.4/10
Attack vector Network
Attack complexity High
Privileges required High
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

This vulnerability exists in RupeeWeb trading platform due to insufficient authorization controls on certain API endpoints handling addition and deletion operations. Successful exploitation of this vulnerability could allow an authenticated remote attacker to modify information belonging to other user accounts.

Key dates

02Disclosure timeline

February 14, 2025 CVE published
February 14, 2025 Record updated