CVE-2025-29995 HIGH

CVE-2025-29995: Account Takeover Vulnerability in CAP back office application

Vendor Rising Technosoft

Product CAP back office application

Weakness CWE-640 · Weak password recovery

Published March 13, 2025

Last update March 13, 2025

View on NVD All CVEs

CVSS base score

8.3/10

Attack vector Network

Attack complexity High

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:L/SI:N/SA:N

What the vulnerability does

01Description

This vulnerability exists in the CAP back office application due to a weak password-reset mechanism implemented at API endpoints. An authenticated remote attacker with a valid login ID could exploit this vulnerability through vulnerable API endpoint which could lead to account takeover of targeted users.

Key dates

02Disclosure timeline

March 13, 2025 CVE published

March 13, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-29995

Related vulnerabilities

CVE-2025-29995: Account Takeover Vulnerability in CAP back office application

01Description

02Disclosure timeline

03References

04Related CVE