CVE-2025-26524

This vulnerability exists in RupeeWeb trading platform due to missing rate limiting on OTP requests in certain API endpoints. An…

CERT-In·CWE-799·Published 2025-02-14

CVSS

—

EPSS

0.00

KEV

Exploits

cve.orgen

326 chars

This vulnerability exists in RupeeWeb trading platform due to missing rate limiting on OTP requests in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by sending multiple OTP request through vulnerable API endpoints which could lead to the OTP bombing/ flooding on the targeted system.

NVDen

326 chars

NVDes

378 chars

Esta vulnerabilidad existe en RupeeWeb trading platform debido a la falta de limitación de velocidad en las solicitudes OTP en ciertos endpoints de API. Un atacante remoto autenticado podría aprovechar esta vulnerabilidad enviando múltiples solicitudes OTP a través de endpoints de API vulnerables, lo que podría provocar un bombardeo o inundación de OTP en el sistema objetivo.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
4.0	Primary	cve.org	5.1	—	—	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
4.0	Secondary	NVD	5.1	—	—