CVE-2025-42602 HIGH

CVE-2025-42602: Improper Authentication Vulnerability in Meon KYC solutions

Vendor Meon
Product KYC solutions
Weakness CWE-613 · Insufficient session expiration
Published April 23, 2025
Last update April 23, 2025

CVSS base score

8.2/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N

What the vulnerability does

01 Description

This vulnerability exists in Meon KYC solutions due to improper handling of access and refresh tokens in certain API endpoints of the authentication process. A remote attacker could exploit this vulnerability by intercepting and manipulating the responses through the API request body, leading to unauthorized access to other user accounts.

Key dates

02 Disclosure timeline

April 23, 2025 CVE published
April 23, 2025 Record updated