CVE-2025-42602
Improper Authentication Vulnerability in Meon KYC solutions
In short
Meon KYC's authentication system improperly handles access and refresh tokens, allowing attackers to intercept and manipulate API responses to gain unauthorized access to other users' accounts.
Technical detail
The vulnerability stems from improper token validation in the authentication API endpoints (CWE-384 Session Fixation, CWE-613 Insufficient Session Expiration). A remote attacker who can intercept API responses and modify request bodies is able to forge or hijack access and refresh tokens, bypassing authentication controls and accessing arbitrary user accounts without proper authorization.
Summary generated and translated by AI from the official description.
This vulnerability exists in Meon KYC solutions due to improper handling of access and refresh tokens in certain API endpoints of the authentication process. A remote attacker could exploit this vulnerability by intercepting and manipulating the responses through the API request body, leading to unauthorized access to other users' accounts.
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N
Affected products
Meon · KYC solutions