PT-2025-11166 · Unknown · Cap Back Office Application

Mohit Gadiya

Published

2025-03-13

Updated

2025-03-13

CVE-2025-29998

CVSS v4.0

8.2

High

Vector

AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions: CAP back office application (affected versions not specified)

Description: The issue is caused by missing rate limiting on OTP requests in an API endpoint, allowing an authenticated remote attacker to send multiple OTP requests, potentially leading to OTP bombing or flooding on the targeted system.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-799

Related Identifiers

BDU:2026-00046

CVE-2025-29998

Affected Products

Cap Back Office Application

PT-2025-11166 · Unknown · Cap Back Office Application

CVE-2025-29998

Weakness Enumeration

Related Identifiers

Affected Products

References · 9