CVE-2025-50503

Name of the Vulnerable Software and Affected Versions: Touch Lebanon Mobile App version 2.20.2

Description: A flaw exists in the password reset workflow that allows an attacker to bypass the one-time password (OTP) reset password mechanism. By manipulating the reset process, an unauthorized user may be able to reset the password and gain access to the account without a legitimate authentication factor, such as an OTP. This compromises account security and allows for potential unauthorized access to user data.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.