CRITICAL🇵🇱 Wersja polska

CVE-2025-1740

CVSS 9.8v3.1pub. 2025-09-03upd. 2026-06-06

Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft MyRezzta allows Authentication Bypass, Password Recovery Exploitation, Brute Force. This issue affects MyRezzta: from s2.03.01 before v2.05.01.

🤖 AI Analysis
How it works

The application does not implement effective mechanisms limiting the number of consecutive login attempts, such as account lockout, CAPTCHA, or request throttling. An attacker can repeatedly attempt various password combinations (brute force) without any consequences on the system side. The lack of protection also applies to the password recovery procedure, which can be exploited to take over an account without knowledge of the original password.

Impact

An attacker can gain unauthorized access to user accounts, including administrative accounts, leading to complete breach of confidentiality, integrity, and availability of data in the application.

Mitigation & patch

Akinsoft MyRezzta should be updated to version v2.05.01 or later. Detailed information is available at: https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0205

Who is affected

Akinsoft MyRezzta in versions from s2.03.01 to versions preceding v2.05.01

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References