Security Advisory

CVE-2025-42600

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-04-23 10:25:16
Last updated 2025-04-23 15:29:56
Assigner CERT-In
State PUBLISHED

Description

This vulnerability exists in Meon KYC solutions due to missing restrictions on the number of incorrect One-Time Password (OTP) attempts through certain API endpoints of login process. A remote attacker could exploit this vulnerability by performing a brute force attack on OTP, which could lead to gain unauthorized access to other user accounts.