CVE-2025-42604 MEDIUM

CVE-2025-42604: Detailed Error Response Vulnerability in Meon KYC solutions

Vendor Meon
Product KYC solutions
Weakness CWE-1295
Published April 23, 2025
Last update April 23, 2025

CVSS base score

6.9/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

This vulnerability exists in Meon KYC solutions due to debug mode is enabled in certain API endpoints. A remote attacker could exploit this vulnerability by accessing certain unauthorized API endpoints leading to detailed error messages as response leading to disclosure of system related information.

Key dates

02Disclosure timeline

April 23, 2025 CVE published
April 23, 2025 Record updated