CVE-2025-29997
Description
This vulnerability exists in the CAP back office application due to improper authorization checks on certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating the API request URL to gain unauthorized access to other user accounts.
Weakness Type (CWE)
References
Related Vulnerabilities
Data Space Portal is an open-source Software as a Service (SaaS) solution designed to streamline Dataspace management. From version 2.1.1 …
Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, `pages.access/list` and `files.access/list` permissions are not consistently …
A Local Code Execution Vulnerability exists in the product and version listed above. The vulnerability is due to a default …
The vulnerability allows an unauthenticated attacker to access information in the PAM database.
An error when handling authorization related to the import / export interfaces on the RISC Platform prior to the saas-2021-12-29 …
Broken access control vulnerability in the IcProgress Innovación y Cualificación plugin. This vulnerability allows an attacker to obtain sensitive information …