CVE-2025-50503
BaseFortify
Publication date: 2025-08-20
Last updated on: 2025-08-20
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| touch | mobile_app | 2.20.2 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-640 | The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the password reset workflow of the Touch Lebanon Mobile App version 2.20.2. It allows an attacker to bypass the OTP (One-Time Password) mechanism used to reset passwords. By manipulating the reset process, an unauthorized user can reset the password and gain access to the account without providing the legitimate OTP authentication factor.
How can this vulnerability impact me? :
This vulnerability can lead to unauthorized access to user accounts, compromising account security. An attacker who exploits this flaw can reset passwords without proper authentication, potentially gaining access to sensitive user data and causing significant harm to users and the application provider.