Indian CERT Flags Severe Vulnerabilities in Rising Technosoft Software

Summary: The Indian Computer Emergency Response Team (CERT-In) has issued a critical vulnerability note concerning several serious flaws in the Rising Technosoft CAP back office application, affecting all versions prior to 2.0.4. These vulnerabilities could enable attackers to gain unauthorized access, conduct account takeovers, and initiate data breaches, posing significant risks to end users. Rising Technosoft is urging users to upgrade to the latest version to mitigate these risks.

Affected: Rising Technosoft CAP back office application

Key points:

  • Improper Authentication Vulnerability (CVE-2025-29994) allows unauthenticated attackers to bypass authentication through API manipulation.
  • Account Takeover Vulnerability (CVE-2025-29995) enables attackers to reset user passwords using a weak password reset mechanism, allowing full account control.
  • Authentication Bypass Vulnerability (CVE-2025-29996) permits attackers to bypass two-factor authentication (2FA) using manipulated API requests.
  • Improper Access Control Vulnerability (CVE-2025-29997) allows authenticated attackers to gain unauthorized access to other users’ accounts.
  • No Rate Limiting Vulnerability (CVE-2025-29998) facilitates OTP flooding attacks, leading to denial-of-service conditions and system performance issues.

Source: https://thecyberexpress.com/rising-technosoft-vulnerabilities/
