CVE-2025-26524

Vulnerability Description

This vulnerability exists in RupeeWeb trading platform due to missing rate limiting on OTP requests in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by sending multiple OTP request through vulnerable API endpoints which could lead to the OTP bombing/ flooding on the targeted system.

Related Weaknesses (CWE)

CWE-799

References

https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2025-0

FAQ

What is CVE-2025-26524?

CVE-2025-26524 is a documented vulnerability. This vulnerability exists in RupeeWeb trading platform due to missing rate limiting on OTP requests in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by sendi...

How severe is CVE-2025-26524?

CVSS scoring is not yet available for CVE-2025-26524. Check NVD for updates.

Is there a patch for CVE-2025-26524?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.