CVE-2025-29997

Improper Access Control Vulnerability in CAP back office application

CVSS 8.2 HIGHEPSS 0.3%CWE-863

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 8.2EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

13 Mar 2025Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

This vulnerability exists in the CAP back office application due to improper authorization checks on certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating API request URL to gain unauthorized access to other user accounts.

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N

Affected products

Rising Technosoft · CAP back office application

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2025-0048