CVE-2025-42601 HIGH

CVE-2025-42601: Captcha Bypass Vulnerability in Meon KYC solutions

Vendor: Meon
Product: KYC solutions
Weakness: CWE-602 (Client-side enforcement)
Published: April 23, 2025
Last update: April 23, 2025

CVSS base score

8.2/10
Attack vector: Network
Attack complexity: High
Privileges required: None
User interaction: None
Confidentiality: High (VC:H in the vector below)
Integrity: None (VI:N in the vector below)

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N

What the vulnerability does

01 Description

This vulnerability exists in Meon KYC solutions due to insufficient server-side validation of the Captcha in certain API endpoints. A remote attacker could exploit this vulnerability by intercepting the request and removing the Captcha parameter, thereby bypassing the Captcha verification mechanism.
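The weakness class described above (CWE-602) is shown here as a fail-open check beside its fail-closed correction. This is an added example, not code from Meon or from the advisory: the handler names, the `captcha` and `captcha_id` fields, the in-memory challenge store and the sample requests are all hypothetical and constructed for illustration.

```python
import hmac

def new_store():
    # Constructed sample data: challenge id -> expected answer, held server-side.
    return {"c-1001": "7XK9Q"}

def _matches(expected, supplied):
    # Constant-time comparison; any non-string value counts as a mismatch.
    return (isinstance(expected, str) and isinstance(supplied, str)
            and hmac.compare_digest(expected.encode(), supplied.encode()))

def handle_fail_open(params, store):
    """Flawed pattern: the check runs only if the client sent the field."""
    if "captcha" in params:
        if not _matches(store.get(params.get("captcha_id")), params["captcha"]):
            return 403
    return 200  # also reached when the field never arrived

def handle_fail_closed(params, store):
    """Corrected pattern: a missing or empty field is itself a failure."""
    captcha_id, answer = params.get("captcha_id"), params.get("captcha")
    if not isinstance(captcha_id, str) or not isinstance(answer, str) or not answer:
        return 400
    expected = store.pop(captcha_id, None)  # single use: consumed on any attempt
    if not _matches(expected, answer):
        return 403
    return 200

def demo():
    # Constructed requests: one without the captcha field, one wrong, one correct.
    stripped = {"captcha_id": "c-1001", "mobile": "0000000000"}
    wrong = dict(stripped, captcha="AAAAA")
    good = dict(stripped, captcha="7XK9Q")
    return {
        "open_stripped": handle_fail_open(stripped, new_store()),
        "open_wrong": handle_fail_open(wrong, new_store()),
        "closed_stripped": handle_fail_closed(stripped, new_store()),
        "closed_wrong": handle_fail_closed(wrong, new_store()),
        "closed_good": handle_fail_closed(good, new_store()),
    }

if __name__ == "__main__":
    for case, status in demo().items():
        print(f"{case}: {status}")
```

A regression test for an affected endpoint should include the request with the Captcha field absent, not only the request with a wrong value, since the two take different code paths in the flawed pattern.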

Key dates

02 Disclosure timeline

April 23, 2025: CVE published
April 23, 2025: Record updated
