CVE-2025-29994

HIGH Year: 2025
Weakness Type
CWE-1390
View all →

Vulnerability Description

This vulnerability exists in the CAP back office application due to improper authentication check at the API endpoint. An unauthenticated remote attacker with a valid login ID could exploit this vulnerability by manipulating API input parameters through API request URL/payload leading to unauthorized access to other user accounts.

Related Vulnerabilities

CVE-2022-43400

CRITICAL
CVSS:9.8(Critical)

A vulnerability has been identified in Siveillance Video Mobile Server V2022 R2 (All versions < V22.2a (80)). The mobile server component of affected applications improperly handles the log in for Act...

CWE-13902022

CVE-2024-13239

CRITICAL
CVSS:9.8(Critical)

Weak Authentication vulnerability in Drupal Two-factor Authentication (TFA) allows Authentication Abuse.This issue affects Two-factor Authentication (TFA): from 0.0.0 before 1.5.0.

CWE-13902024

CVE-2024-38182

CRITICAL
CVSS:9.8(Critical)

Weak authentication in Microsoft Dynamics 365 allows an unauthenticated attacker to elevate privileges over a network.

CWE-13902024

CVE-2024-48886

CRITICAL
CVSS:9.8(Critical)

A weak authentication in Fortinet FortiOS versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15, FortiProxy versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.10, ...

CWE-13902024

CVE-2024-50563

CRITICAL
CVSS:9.8(Critical)

A weak authentication in Fortinet FortiManager Cloud, FortiAnalyzer versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiAnalyzer Cloud versions 7.4.1 through 7.4.3, FortiManager versions 7.6.0 thr...

CWE-13902024

CVE-2024-54092

CRITICAL
CVSS:9.8(Critical)

A vulnerability has been identified in Industrial Edge Device Kit - arm64 V1.17 (All versions), Industrial Edge Device Kit - arm64 V1.18 (All versions), Industrial Edge Device Kit - arm64 V1.19 (All v...

CWE-13902024