Account Management Portal
CVE-2025-69615
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Lifecycle Timeline
2DescriptionCVE.org
Incorrect Access Control via missing 2FA rate-limiting allowing unlimited brute-force retries and full MFA bypass with no user interaction required. Affected Product: Deutsche Telekom AG Telekom Account Management Portal, versions before 2025-10-24, fixed 2025-11-03.
AnalysisAI
A product has missing 2FA rate limiting allowing unlimited brute-force attempts against two-factor authentication codes.
Technical ContextAI
CWE-307 no rate limiting on 2FA verification allows unlimited attempts.
RemediationAI
Implement rate limiting on 2FA endpoints. Lock accounts after failed attempts.
More in Account Management Portal
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today