PT-2025-11162 · Unknown · Cap Back Office Application

Mohit Gadiya

Published

2025-03-13

Updated

2025-03-14

CVE-2025-29994

CVSS v4.0

8.2

High

Vector

AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions: CAP back office application (affected versions not specified)

Description: The issue is related to an improper authentication check at the "API endpoint". This could allow an unauthenticated remote attacker with a valid login ID to exploit the issue by manipulating API input parameters through the API request URL/payload, leading to unauthorized access to other user accounts.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-1390

Related Identifiers

BDU:2026-00044

CVE-2025-29994

Affected Products

Cap Back Office Application

PT-2025-11162 · Unknown · Cap Back Office Application

CVE-2025-29994

Weakness Enumeration

Related Identifiers

Affected Products

References · 9