CERT-In Issues Warning Regarding Increasing Vulnerabilities in Technosoft Systems

Resources
CERT-In Issues Warning Regarding Increasing Vulnerabilities in Technosoft Systems

Published:

Written by: Staff Editor
spot_img

Critical Vulnerabilities Identified in Rising Technosoft CAP Back Office Application

Critical Vulnerabilities Detected in Rising Technosoft CAP Application

In a recent alert, the Indian Computer Emergency Response Team (CERT-In) issued a vital advisory, CIVN-2025-0048, regarding multiple vulnerabilities present in the Rising Technosoft CAP back office application. This Windows-based software, widely used by stockbrokers and depository participants, is at risk due to flaws affecting all versions prior to 2.0.4.

The vulnerabilities outlined by CERT-In pose a significant cybersecurity threat, potentially enabling attackers to gain unauthorized access, perform account takeovers, and trigger data breaches. Among the five critical vulnerabilities, the report highlights an improper authentication vulnerability (CVE-2025-29994) that allows unauthenticated users to bypass security mechanisms through API parameter manipulation. This breach could lead to alarming data theft or account misuse.

Another critical issue is the account takeover vulnerability (CVE-2025-29995), stemming from a weak password reset protocol. Attackers with valid login IDs could exploit this to reset passwords of other users, gaining full control over accounts and sensitive data. Additionally, the application suffers from an authentication bypass vulnerability (CVE-2025-29996) that could allow attackers to break through two-factor authentication measures via manipulated API requests.

The report also specifies an improper access control vulnerability (CVE-2025-29997), where validated attackers might access other users’ accounts by altering API request URLs. Furthermore, a lack of rate limiting (CVE-2025-29998) on OTP requests can lead to denial-of-service scenarios, severely hampering legitimate user access.

In light of these alarming findings, Rising Technosoft is urging all users to upgrade to version 2.0.4 or later. Failure to address these vulnerabilities could yield devastating consequences, impacting user security and trust in the platform. Rising Technosoft is committed to resolving these issues promptly, aiming to fortify its application against potential attacks.

spot_img

Related articles

Recent articles

84 Hours of Internet Blackout in Iran Amid Growing Unrest

Dark Watch
Iran's Internet Blackout: A Deepening Crisis Amid Unrest Four Days Without Connectivity Iran has plunged into a state of digital isolation as an internet blackout enters...
Read more

NSA Appoints Timothy Kosiba to Lead Cybersecurity Strategy

Resources
Appointment of Timothy Kosiba as NSA Deputy Director: A Leadership Milestone The National Security Agency (NSA) has recently announced a pivotal leadership change with the...
Read more

Comprehensive Threat Analysis of Cyber Campaigns in the UAE for H1 2025

Regional
Understanding the Cybersecurity Threat Landscape in the UAE: Insights from 2025 An analysis by Alain Penel, Vice President for the Middle East, Turkey, and CIS...
Read more

2026 Business Blast Radius: Dr. Amit Chaubey on Cyber Disruption as a Sovereign Risk

Dark Watch
The 2026 Business Blast Radius: Insights from Dr. Amit Chaubey In a recent conversation with The Cyber Express, Dr. Amit Chaubey, the Managing Director and...
Read more
Sign up to the Newsletter and never miss out on the latest news!
Join the Cyber Warriors community and get Insider Tips & Tricks to defend your digital assets.

© Cyberwarriorsmiddleeast.com