CVE-2025-42604
Detailed Error Response Vulnerability in Meon KYC solutions
In short
Certain Meon KYC API endpoints have debug mode enabled, letting attackers without proper authorization retrieve error messages that expose internal system information.
Technical detail
Debug mode is active on specific API endpoints in Meon KYC solutions, enabling unauthenticated remote attackers to trigger verbose error responses that disclose sensitive system architecture and configuration details (CWE-1295: Improper Neutralization of Special Elements used in an Error Message). This information disclosure can facilitate reconnaissance for further attacks.
Summary generated and translated by AI from the official description.
This vulnerability exists in Meon KYC solutions because debug mode is enabled in certain API endpoints. A remote attacker could exploit this vulnerability by accessing certain unauthorized API endpoints, leading to detailed error messages in the response and to disclosure of system-related information.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Affected products
Meon · KYC solutions