CVE-2025-26522

HIGH Year: 2025
Weakness Type
CWE-302
View all →

Vulnerability Description

This vulnerability exists in RupeeWeb trading platform due to improper implementation of OTP validation mechanism in certain API endpoints. A remote attacker with valid credentials could exploit this vulnerability by manipulating API responses. Successful exploitation of this vulnerability could allow the attacker to bypass Two-Factor Authentication (2FA) for other user accounts.

Related Vulnerabilities

CVE-2025-29813

CRITICAL
CVSS:10.0(Critical)

[Spoofable identity claims] Authentication Bypass by Assumed-Immutable Data in Azure DevOps allows an unauthorized attacker to elevate privileges over a network.

CWE-3022025

CVE-2024-56404

CRITICAL
CVSS:9.9(Critical)

In One Identity Identity Manager 9.x before 9.3, an insecure direct object reference (IDOR) vulnerability allows privilege escalation. Only On-Premise installations are affected.

CWE-3022024

CVE-2016-9482

CRITICAL
CVSS:9.8(Critical)

Code generated by PHP FormMail Generator may allow a remote unauthenticated user to bypass authentication in the to access the administrator panel by navigating directly to /admin.php?mod=admin&func=p...

CWE-3022016

CVE-2023-4612

CRITICAL
CVSS:9.8(Critical)

Improper Authentication vulnerability in Apereo CAS in jakarta.servlet.http.HttpServletRequest.getRemoteAddr method allows Multi-Factor Authentication bypass.This issue affects CAS: through 7.0.0-RC7....

CWE-3022023

CVE-2023-4669

CRITICAL
CVSS:9.8(Critical)

Authentication Bypass by Assumed-Immutable Data vulnerability in Exagate SYSGuard 3001 allows Authentication Bypass.This issue affects SYSGuard 3001: before 3.2.20.0.

CWE-3022023

CVE-2024-43441

CRITICAL
CVSS:9.8(Critical)

Authentication Bypass by Assumed-Immutable Data vulnerability in Apache HugeGraph-Server. This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.5.0. Users are recommended to upgrade to versi...

CWE-3022024