CERT-In Issues Warning Regarding Increasing Vulnerabilities in Technosoft Systems

Critical Vulnerabilities Identified in Rising Technosoft CAP Back Office Application

Critical Vulnerabilities Detected in Rising Technosoft CAP Application

In a recent alert, the Indian Computer Emergency Response Team (CERT-In) issued a vital advisory, CIVN-2025-0048, regarding multiple vulnerabilities present in the Rising Technosoft CAP back office application. This Windows-based software, widely used by stockbrokers and depository participants, is at risk due to flaws affecting all versions prior to 2.0.4.

The vulnerabilities outlined by CERT-In pose a significant cybersecurity threat, potentially enabling attackers to gain unauthorized access, perform account takeovers, and trigger data breaches. Among the five critical vulnerabilities, the report highlights an improper authentication vulnerability (CVE-2025-29994) that allows unauthenticated users to bypass security mechanisms through API parameter manipulation. This breach could lead to alarming data theft or account misuse.

Another critical issue is the account takeover vulnerability (CVE-2025-29995), stemming from a weak password reset protocol. Attackers with valid login IDs could exploit this to reset passwords of other users, gaining full control over accounts and sensitive data. Additionally, the application suffers from an authentication bypass vulnerability (CVE-2025-29996) that could allow attackers to break through two-factor authentication measures via manipulated API requests.

The report also specifies an improper access control vulnerability (CVE-2025-29997), where validated attackers might access other users’ accounts by altering API request URLs. Furthermore, a lack of rate limiting (CVE-2025-29998) on OTP requests can lead to denial-of-service scenarios, severely hampering legitimate user access.

In light of these alarming findings, Rising Technosoft is urging all users to upgrade to version 2.0.4 or later. Failure to address these vulnerabilities could yield devastating consequences, impacting user security and trust in the platform. Rising Technosoft is committed to resolving these issues promptly, aiming to fortify its application against potential attacks.

CERT-In Issues Warning Regarding Increasing Vulnerabilities in Technosoft Systems

Critical Vulnerabilities Identified in Rising Technosoft CAP Back Office Application

Related articles

BeyondTrust Pathfinder Offers a Unified Solution for Identity-Centric Security – Intelligent CISO

A Lasting Focus for 2025 and Beyond – The Intelligent CISO

Suspected LockBit Ransomware Developer Extradited to the U.S.

Recent articles

New Global Optical Trade Organization Appoints Its First Executive Board

Sean Plankey Selected as the Next Director of CISA

DeepSeek Fails 58% of Jailbreak Tests Conducted by Qualys TotalAI

Donald Trump Holds Another Million-Dollar ‘Candlelight’ Dinner, Joined by Elon Musk

Latest Updates

New Global Optical Trade Organization Appoints Its First Executive Board

Sean Plankey Selected as the Next Director of CISA

DeepSeek Fails 58% of Jailbreak Tests Conducted by Qualys TotalAI

Donald Trump Holds Another Million-Dollar ‘Candlelight’ Dinner, Joined by Elon Musk