CVE-2025-42603 HIGH

CVE-2025-42603: Information Disclosure Vulnerability in Meon KYC solutions

Vendor Meon
Product KYC solutions
Weakness CWE-319 · Cleartext transmission
Published April 23, 2025
Last update April 23, 2025

CVSS base score

8.7/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N

What the vulnerability does

01 Description

This vulnerability exists in Meon KYC solutions due to the transmission of sensitive data in plain text within the response payloads of certain API endpoints. An authenticated remote attacker could exploit this vulnerability by intercepting an API response that contains unencrypted sensitive information belonging to other users. Successful exploitation of this vulnerability could allow a remote attacker to impersonate the target user and gain unauthorized access to the user account.

Key dates

02 Disclosure timeline

April 23, 2025 CVE published
April 23, 2025 Record updated