CVE-2025-69615
Analyzed Analyzed - Analysis Complete
MFA Bypass via Missing 2FA Rate-Limiting in Telekom Portal

Publication date: 2026-03-10

Last updated on: 2026-05-07

Assigner: MITRE

Description
Incorrect Access Control via missing 2FA rate-limiting allowing unlimited brute-force retries and full MFA bypass with no user interaction required. Affected Product: Deutsche Telekom AG Telekom Account Management Portal, versions before 2025-10-24, fixed 2025-11-03.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-10
Last Modified
2026-05-07
Generated
2026-06-16
AI Q&A
2026-03-10
EPSS Evaluated
2026-06-14
NVD
CVE-2025-69615
EUVD
EUVD-2025-208508
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
telekom account_management_portal to 2025-10-24 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-307 The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability involves incorrect access control due to missing two-factor authentication (2FA) rate-limiting. It allows an attacker to perform unlimited brute-force retries, effectively bypassing multi-factor authentication (MFA) without any user interaction.

The affected product is the Deutsche Telekom AG Telekom Account Management Portal, specifically versions before 2025-10-24, with a fix released on 2025-11-03.

Impact Analysis

An attacker exploiting this vulnerability can gain unauthorized access to user accounts by bypassing MFA protections without needing any interaction from the user.

  • This can lead to full compromise of account confidentiality and integrity.
  • Since the vulnerability has a high CVSS score (9.1), it represents a critical security risk.
Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-69615. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart