CVE-2025-42601
Captcha Bypass Vulnerability in Meon KYC solutions
In short
Meon KYC solutions fails to properly validate captcha responses on the server side, allowing attackers to remove the captcha parameter from requests and bypass the security check entirely.
Technical detail
CWE-602 (client-side enforcement of server-side security): insufficient server-side validation allows remote attackers to bypass captcha verification by sending requests in which the captcha parameter is missing or invalid. The vulnerability lies in API endpoints that should enforce captcha validation; exploitation requires no authentication and directly defeats the intended security control.
Summary generated and translated by AI from the official description.
This vulnerability exists in Meon KYC solutions due to insufficient server-side validation of the Captcha in certain API endpoints. A remote attacker could exploit this vulnerability by intercepting the request and removing the Captcha parameter, leading to a bypass of the Captcha verification mechanism.
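As an added illustration (not Meon's code; the endpoint, parameter names and the in-memory challenge store are assumptions), a request handler showing the bug pattern the advisory describes, where the captcha is only checked when the client sends it, next to a hardened version that requires and verifies the captcha on every request:

```python
import hmac
import secrets

# Constructed stand-in for the captcha provider's verification step: the
# server issues a challenge id and remembers the expected answer for it.
_PENDING_CHALLENGES: dict[str, str] = {}


def issue_challenge(answer: str) -> str:
    """Register a challenge; returns the id the client must echo back."""
    challenge_id = secrets.token_hex(8)
    _PENDING_CHALLENGES[challenge_id] = answer
    return challenge_id


def provider_verify(challenge_id: str, response: str) -> bool:
    """Single-use, constant-time check against the stored answer."""
    expected = _PENDING_CHALLENGES.pop(challenge_id, None)
    return expected is not None and hmac.compare_digest(expected, response)


def vulnerable_kyc_submit(req: dict) -> dict:
    # Bug pattern from the advisory (CWE-602): the captcha is only checked
    # when the client sends the parameter, so dropping it skips the check.
    if "captcha" in req:
        if not provider_verify(str(req.get("captcha_id", "")), str(req["captcha"])):
            return {"status": 403, "error": "captcha failed"}
    return {"status": 200, "result": "kyc request accepted"}


def fixed_kyc_submit(req: dict) -> dict:
    # Hardened form: the check is unconditional. A missing, malformed or
    # wrong captcha is rejected before any KYC processing happens.
    challenge_id = req.get("captcha_id")
    response = req.get("captcha")
    if not (isinstance(challenge_id, str) and isinstance(response, str)):
        return {"status": 403, "error": "captcha required"}
    if not provider_verify(challenge_id, response):
        return {"status": 403, "error": "captcha failed"}
    return {"status": 200, "result": "kyc request accepted"}


if __name__ == "__main__":
    cid = issue_challenge("x7k2q")
    print(vulnerable_kyc_submit({"captcha_id": cid}))                 # accepted: check skipped
    print(fixed_kyc_submit({"captcha_id": cid}))                      # rejected: captcha required
    print(fixed_kyc_submit({"captcha_id": cid, "captcha": "x7k2q"}))  # accepted: verified once
```

The hardened handler also rejects a replayed challenge id, since the provider stub consumes each challenge on first verification.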
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N
Affected products
Meon · KYC solutions