CVE-2025-42600

Vulnerability Description

This vulnerability exists in Meon KYC solutions due to missing restrictions on the number of incorrect One-Time Password (OTP) attempts through certain API endpoints of login process. A remote attacker could exploit this vulnerability by performing a brute force attack on OTP, which could lead to gain unauthorized access to other user accounts.

Vulnerability Details

Published Date

April 23, 2025

Last Modified

April 23, 2025

Source

MITRE

Vendor

Meon

Product

KYC solutions

External References

https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2025-0082

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment