CVE-2025-26524

MEDIUM

RupeeWeb - DoS

Title source: llm

Description

This vulnerability exists in RupeeWeb trading platform due to missing rate limiting on OTP requests in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by sending multiple OTP request through vulnerable API endpoints which could lead to the OTP bombing/ flooding on the targeted system.

References (1)

[Various Sources] https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2025-0020

Scores

CVSS v4 5.1

EPSS 0.0080

EPSS Percentile 74.1%

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-799

Status published

Products (1)

Rupeeseed Technology Ventures/RupeeWeb <66.9

Published Feb 14, 2025

Tracked Since Feb 18, 2026