CERT-In Issues Warning Regarding Increasing Vulnerabilities in Technosoft Systems

Published:

spot_img

Critical Vulnerabilities Identified in Rising Technosoft CAP Back Office Application

Critical Vulnerabilities Detected in Rising Technosoft CAP Application

In a recent alert, the Indian Computer Emergency Response Team (CERT-In) issued a vital advisory, CIVN-2025-0048, regarding multiple vulnerabilities present in the Rising Technosoft CAP back office application. This Windows-based software, widely used by stockbrokers and depository participants, is at risk due to flaws affecting all versions prior to 2.0.4.

The vulnerabilities outlined by CERT-In pose a significant cybersecurity threat, potentially enabling attackers to gain unauthorized access, perform account takeovers, and trigger data breaches. Among the five critical vulnerabilities, the report highlights an improper authentication vulnerability (CVE-2025-29994) that allows unauthenticated users to bypass security mechanisms through API parameter manipulation. This breach could lead to alarming data theft or account misuse.

Another critical issue is the account takeover vulnerability (CVE-2025-29995), stemming from a weak password reset protocol. Attackers with valid login IDs could exploit this to reset passwords of other users, gaining full control over accounts and sensitive data. Additionally, the application suffers from an authentication bypass vulnerability (CVE-2025-29996) that could allow attackers to break through two-factor authentication measures via manipulated API requests.

The report also specifies an improper access control vulnerability (CVE-2025-29997), where validated attackers might access other users’ accounts by altering API request URLs. Furthermore, a lack of rate limiting (CVE-2025-29998) on OTP requests can lead to denial-of-service scenarios, severely hampering legitimate user access.

In light of these alarming findings, Rising Technosoft is urging all users to upgrade to version 2.0.4 or later. Failure to address these vulnerabilities could yield devastating consequences, impacting user security and trust in the platform. Rising Technosoft is committed to resolving these issues promptly, aiming to fortify its application against potential attacks.

spot_img

Related articles

Recent articles

Critical CVSS 10.0 Vulnerability in Wishlist Plugin Puts Over 100,000 WordPress Sites at Risk

Critical Security Flaw in TI WooCommerce Wishlist Plugin Overview of the Vulnerability Cybersecurity experts have identified a serious security vulnerability in the TI WooCommerce Wishlist plugin...

Avnet India and NITK Surathkal Join Forces to Develop AI Solutions for Landslide Detection and Wildlife Conservation

Avnet India Partners with NITK for Sustainable Innovation A Major Step Towards Environmental Sustainability Bangalore, India – Avnet India Pvt Ltd, a renowned global technology distributor,...

Ransomware Strikes: 69% of Organizations Affected in Past Year

Rising Ransomware Threats: A Realty Check The Alarming Statistics Recent findings from Delinea’s 2025 State of Ransomware Report paint a stark picture of the current cybersecurity...

Empowering Cybersecurity Experts to Safeguard National Digital Sovereignty

Shaping the Future of Cybersecurity: Positive Hack Camp 2025 In an age where our digital world is increasingly vulnerable to attacks, the necessity for skilled...