CVE-2025-26522 · CVEKit

cve.orgen

385 chars

This vulnerability exists in RupeeWeb trading platform due to improper implementation of OTP validation mechanism in certain API endpoints. A remote attacker with valid credentials could exploit this vulnerability by manipulating API responses. Successful exploitation of this vulnerability could allow the attacker to bypass Two-Factor Authentication (2FA) for other user accounts.

NVDen

385 chars

This vulnerability exists in RupeeWeb trading platform due to improper implementation of OTP validation mechanism in certain API endpoints. A remote attacker with valid credentials could exploit this vulnerability by manipulating API responses. Successful exploitation of this vulnerability could allow the attacker to bypass Two-Factor Authentication (2FA) for other user accounts.

NVDes

422 chars

Esta vulnerabilidad existe en RupeeWeb trading platform debido a la implementación incorrecta del mecanismo de validación OTP en ciertos endpoints de API. Un atacante remoto con credenciales válidas podría aprovechar esta vulnerabilidad manipulando las respuestas de API. La explotación exitosa de esta vulnerabilidad podría permitir al atacante eludir la autenticación de dos factores (2FA) para otras cuentas de usuario.

CVSS metrics across sources

2

Version	Type	Source	Base	Exp	Impact	Vector
4.0	Primary	cve.org	7.5	—	—	CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
4.0	Secondary	NVD	7.5	—	—