CVE-2025-29998

HIGH

CAP Back Office - DoS

Title source: llm

Description

This vulnerability exists in the CAP back office application due to missing rate limiting on OTP requests in an API endpoint. An authenticated remote attacker could exploit this vulnerability by sending multiple OTP request through vulnerable API endpoint which could lead to the OTP bombing/flooding on the targeted system.

References (1)

[Various Sources] https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2025-0048

Scores

CVSS v4 8.2

EPSS 0.0063

EPSS Percentile 70.3%

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-799

Status published

Products (1)

Rising Technosoft/CAP back office application <2.0.4

Published Mar 13, 2025

Tracked Since Feb 18, 2026