CERT-In Issues Warning Regarding Increasing Vulnerabilities in Technosoft Systems

Resources
CERT-In Issues Warning Regarding Increasing Vulnerabilities in Technosoft Systems

Published:

Written by: Staff Editor
spot_img

Critical Vulnerabilities Identified in Rising Technosoft CAP Back Office Application

Critical Vulnerabilities Detected in Rising Technosoft CAP Application

In a recent alert, the Indian Computer Emergency Response Team (CERT-In) issued a vital advisory, CIVN-2025-0048, regarding multiple vulnerabilities present in the Rising Technosoft CAP back office application. This Windows-based software, widely used by stockbrokers and depository participants, is at risk due to flaws affecting all versions prior to 2.0.4.

The vulnerabilities outlined by CERT-In pose a significant cybersecurity threat, potentially enabling attackers to gain unauthorized access, perform account takeovers, and trigger data breaches. Among the five critical vulnerabilities, the report highlights an improper authentication vulnerability (CVE-2025-29994) that allows unauthenticated users to bypass security mechanisms through API parameter manipulation. This breach could lead to alarming data theft or account misuse.

Another critical issue is the account takeover vulnerability (CVE-2025-29995), stemming from a weak password reset protocol. Attackers with valid login IDs could exploit this to reset passwords of other users, gaining full control over accounts and sensitive data. Additionally, the application suffers from an authentication bypass vulnerability (CVE-2025-29996) that could allow attackers to break through two-factor authentication measures via manipulated API requests.

The report also specifies an improper access control vulnerability (CVE-2025-29997), where validated attackers might access other users’ accounts by altering API request URLs. Furthermore, a lack of rate limiting (CVE-2025-29998) on OTP requests can lead to denial-of-service scenarios, severely hampering legitimate user access.

In light of these alarming findings, Rising Technosoft is urging all users to upgrade to version 2.0.4 or later. Failure to address these vulnerabilities could yield devastating consequences, impacting user security and trust in the platform. Rising Technosoft is committed to resolving these issues promptly, aiming to fortify its application against potential attacks.

spot_img

Related articles

Recent articles

Critical CVSS 10.0 Vulnerability in Wishlist Plugin Puts Over 100,000 WordPress Sites at Risk

Global
Critical Security Flaw in TI WooCommerce Wishlist Plugin Overview of the Vulnerability Cybersecurity experts have identified a serious security vulnerability in the TI WooCommerce Wishlist plugin...
Read more

Avnet India and NITK Surathkal Join Forces to Develop AI Solutions for Landslide Detection and Wildlife Conservation

Regional
Avnet India Partners with NITK for Sustainable Innovation A Major Step Towards Environmental Sustainability Bangalore, India – Avnet India Pvt Ltd, a renowned global technology distributor,...
Read more

Ransomware Strikes: 69% of Organizations Affected in Past Year

Global
Rising Ransomware Threats: A Realty Check The Alarming Statistics Recent findings from Delinea’s 2025 State of Ransomware Report paint a stark picture of the current cybersecurity...
Read more

Empowering Cybersecurity Experts to Safeguard National Digital Sovereignty

Knowledge Hub
Shaping the Future of Cybersecurity: Positive Hack Camp 2025 In an age where our digital world is increasingly vulnerable to attacks, the necessity for skilled...
Read more
Sign up to the Newsletter and never miss out on the latest news!
Join the Cyber Warriors community and get Insider Tips & Tricks to defend your digital assets.

© Cyberwarriorsmiddleeast.com