CVE-2025-29998
Description
This vulnerability exists in the CAP back office application due to missing rate limiting on OTP requests in an API endpoint. An authenticated remote attacker could exploit this vulnerability by sending multiple OTP request through vulnerable API endpoint which could lead to the OTP bombing/flooding on the targeted system.
Weakness Type (CWE)
References
Frequently Asked Questions
What is CVE-2025-29998? +
How do I check if I'm vulnerable to CVE-2025-29998? +
Related Vulnerabilities
This vulnerability exists in RupeeWeb trading platform due to missing rate limiting on OTP requests in certain API endpoints. An …
Letmein is an authenticating port knocker. Prior to version 10.2.1, The connection limiter is implemented incorrectly. It allows an arbitrary …
In Ascertia SigningHub through 8.6.8, there is a lack of rate limiting on the reset password function, leading to an …
Password reset tokens are generated using an insecure source of randomness. Attackers who know the username of the Journyx installation …
Improper Control of Interaction Frequency vulnerability in MeWare Software Development Inc. PDKS allows Flooding. This issue affects PDKS: from V16.20200313 …
An attacker may be able to cause a denial-of-service condition by sending many packets repeatedly.