CVE-2025-42602
Description
This vulnerability exists in Meon KYC solutions due to improper handling of access and refresh tokens in certain API endpoints of authentication process. A remote attacker could exploit this vulnerability by intercepting and manipulating the responses through API request body leading to unauthorized access of other user accounts.
Weakness Type (CWE)
References
Frequently Asked Questions
What is CVE-2025-42602? +
How do I check if I'm vulnerable to CVE-2025-42602? +
Related Vulnerabilities
An improper session validation allows an unauthenticated attacker to cause certain request notifications to be executed in the context of …
A malicious actor can fix the session of a PAM user by tricking the user to click on a specially …
When configured using SAML, a session fixation vulnerability in the GlobalProtect™ login enables an attacker to impersonate a legitimate authorized …
A Session Fixation vulnerability existed in Payload's SQLite adapter due to identifier reuse during account creation. A malicious attacker could …
Fiber is an Express-inspired web framework written in Go A vulnerability present in versions prior to 2.52.5 is a session …
The Itel DAB Gateway (IDGat build c041640a) is vulnerable to Authentication Bypass due to improper JWT validation across devices. Attackers …