cvedb.io
CVE-2025-42600
UNKNOWN · CVSS n/a
EPSS exploitation probability: 0%
Published 2025-04-23T11:15:46.603 · Last modified 2026-06-17T09:23:08.817

Summary

This vulnerability exists in Meon KYC solutions due to missing restrictions on the number of incorrect One-Time Password (OTP) attempts through certain API endpoints of login process. A remote attacker could exploit this vulnerability by performing a brute force attack on OTP, which could lead to gain unauthorized access to other user accounts.

Does this affect you?

Add your gear to cvedb and we'll alert you only when a vendor you run ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.