Auth bypass in Rising Technosoft Cap Back Office Application

CVE-2025-29997

This vulnerability exists in the CAP back office application due to improper authorization checks on certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating API request URL to gain unauthori…

Vulnerability class: Broken Access Control

EPSS: 0.003 (25.6th percentile)

Affected products

Weakness classification (CWE)

Public proof-of-concept exploits

References

Frequently asked questions

What is CVE-2025-29997?
CVE-2025-29997 is a vulnerability in Rising Technosoft Cap Back Office Application, classified under Incorrect Authorization. Published 2025-03-13.
Is CVE-2025-29997 known to be exploited?
1 public proof-of-concept repository is indexed. Not currently listed in the CISA KEV catalog.