Auth bypass in Rising Technosoft Cap Back Office Application
CVE-2025-29997
This vulnerability exists in the CAP back office application due to improper authorization checks on certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating API request URL to gain unauthori…
Vulnerability class: Broken Access Control
EPSS: 0.003 (25.6th percentile)
Affected products
- Rising Technosoft Cap Back Office Application — versions <2.0.4
Weakness classification (CWE)
Public proof-of-concept exploits
References
- vdisclose@cert-in.org.in (third-party-advisory)
Frequently asked questions
- What is CVE-2025-29997?
  - CVE-2025-29997 is a vulnerability in Rising Technosoft Cap Back Office Application, classified under Incorrect Authorization. Published 2025-03-13.
- Is CVE-2025-29997 known to be exploited?
  - 1 public proof-of-concept repository is indexed. Not currently listed in the CISA KEV catalog.