CERT-In Issues Warning Regarding Increasing Vulnerabilities in Technosoft Systems

Published:

spot_img

Critical Vulnerabilities Identified in Rising Technosoft CAP Back Office Application

Critical Vulnerabilities Detected in Rising Technosoft CAP Application

In a recent alert, the Indian Computer Emergency Response Team (CERT-In) issued a vital advisory, CIVN-2025-0048, regarding multiple vulnerabilities present in the Rising Technosoft CAP back office application. This Windows-based software, widely used by stockbrokers and depository participants, is at risk due to flaws affecting all versions prior to 2.0.4.

The vulnerabilities outlined by CERT-In pose a significant cybersecurity threat, potentially enabling attackers to gain unauthorized access, perform account takeovers, and trigger data breaches. Among the five critical vulnerabilities, the report highlights an improper authentication vulnerability (CVE-2025-29994) that allows unauthenticated users to bypass security mechanisms through API parameter manipulation. This breach could lead to alarming data theft or account misuse.

Another critical issue is the account takeover vulnerability (CVE-2025-29995), stemming from a weak password reset protocol. Attackers with valid login IDs could exploit this to reset passwords of other users, gaining full control over accounts and sensitive data. Additionally, the application suffers from an authentication bypass vulnerability (CVE-2025-29996) that could allow attackers to break through two-factor authentication measures via manipulated API requests.

The report also specifies an improper access control vulnerability (CVE-2025-29997), where validated attackers might access other users’ accounts by altering API request URLs. Furthermore, a lack of rate limiting (CVE-2025-29998) on OTP requests can lead to denial-of-service scenarios, severely hampering legitimate user access.

In light of these alarming findings, Rising Technosoft is urging all users to upgrade to version 2.0.4 or later. Failure to address these vulnerabilities could yield devastating consequences, impacting user security and trust in the platform. Rising Technosoft is committed to resolving these issues promptly, aiming to fortify its application against potential attacks.

spot_img

Related articles

Recent articles

Consolidation Strengthens Cybersecurity in the MENA Region Amid Rising Threats

Consolidation Strengthens cybersecurity in the MENA Region Amid Rising Threats Cybersecurity leaders are navigating an increasingly complex landscape, facing mounting pressure from regulatory bodies, evolving...

Windows Bind Link Attacks Strengthen Evasion Techniques Against EDR Tools

Windows Bind Link Attacks Strengthen Evasion Techniques Against EDR Tools Recent research from Bitdefender has unveiled critical vulnerabilities in Windows' bind link feature, demonstrating how...

Malicious AI Models Surge on Dark Web: WormGPT, FraudGPT, and the Rise of Unrestricted Cybercrime Tools

Malicious AI Models Surge on Dark Web: WormGPT, FraudGPT, and the Rise of Unrestricted Cybercrime Tools The emergence of malicious AI models on the dark...

Cabinet Approves ₹1.27 Lakh Crore Semicon 2.0 to Strengthen India’s Semiconductor Ecosystem

Cabinet Approves ₹1.27 Lakh Crore Semicon 2.0 to Strengthen India's Semiconductor Ecosystem The Union Cabinet of India, led by Prime Minister Narendra Modi, has officially...