CVE-2025-29995— Account Takeover Vulnerability in CAP back office application

EPSS 0.61% · P70 Updated Mar 14, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-29995

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Account Takeover Vulnerability in CAP back office application

Source: NVD (National Vulnerability Database)

Vulnerability Description

This vulnerability exists in the CAP back office application due to a weak password-reset mechanism implemented at API endpoints. An authenticated remote attacker with a valid login ID could exploit this vulnerability through vulnerable API endpoint which could lead to account takeover of targeted users.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

忘记口令恢复机制弱

Source: NVD (National Vulnerability Database)

Vulnerability Title

Rising Technosoft CAP back office application 授权问题漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Rising Technosoft CAP back office application是印度Rising Technosoft公司的一个后台应用程序。 Rising Technosoft CAP back office application存在授权问题漏洞，该漏洞源于API端点中实现的弱密码重置机制，允许经过身份验证的远程攻击者通过易受攻击的API端点接管目标用户账户。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Rising Technosoft	CAP back office application	<2.0.4	-

II. Public POCs for CVE-2025-29995

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2025-29995

请登录查看更多情报信息。

Vulnerabilitythird-party-advisory
https://nvd.nist.gov/vuln/detail/CVE-2025-29995

Same Patch Batch · Rising Technosoft · 2025-03-13 · 5 CVEs total

CVE-2025-29994		Improper Authentication Vulnerability in CAP back office application
CVE-2025-29998		No Rate Limiting Vulnerability in CAP back office application
CVE-2025-29997		Improper Access Control Vulnerability in CAP back office application
CVE-2025-29996		Authentication Bypass Vulnerability in CAP back office application

IV. Related Vulnerabilities

Same product: CAP back office application

Same vendor: Rising Technosoft

Same weakness: CWE-640

V. Comments for CVE-2025-29995

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2025-29995— Account Takeover Vulnerability in CAP back office application

I. Basic Information for CVE-2025-29995

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2025-29995

III. Intelligence Information for CVE-2025-29995

Same Patch Batch · Rising Technosoft · 2025-03-13 · 5 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2025-29995

Leave a comment