CVE-2025-42601

This vulnerability exists in Meon KYC solutions due to insufficient server-side validation of the Captcha in certain API endpoints. A…

CERT-In·CWE-602·Published 2025-04-23

CVSS

—

EPSS

0.00

KEV

Exploits

cve.orgen

302 chars

This vulnerability exists in Meon KYC solutions due to insufficient server-side validation of the Captcha in certain API endpoints. A remote attacker could exploit this vulnerability by intercepting the request and removing the Captcha parameter leading to bypassing the Captcha verification mechanism.

NVDen

302 chars

NVDes

333 chars

Esta vulnerabilidad existe en las soluciones Meon KYC debido a una validación insuficiente del CAPTCHA en el servidor en ciertos endpoints de la API. Un atacante remoto podría explotar esta vulnerabilidad interceptando la solicitud y eliminando el parámetro CAPTCHA, lo que permitiría eludir el mecanismo de verificación del CAPTCHA.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
4.0	Primary	cve.org	8.2	—	—	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N
4.0	Secondary	NVD	8.2	—	—