CVE Catalog

CVE-2025-69614

Critical
Published: Translated: NVD NIST

Summary

Incorrect access control via activation token reuse on the password-reset endpoint allowing unauthorized password resets and full account takeover.

Risk Assessment

The organization is at risk of unauthorized access to user accounts, potentially leading to data loss and privacy breaches.

Recommendation

It is recommended to update the Telekom Account Management Portal to a version after 2025-10-31 to mitigate this vulnerability.

Original NVD description (English source)

Incorrect Access Control via activation token reuse on the password-reset endpoint allowing unauthorized password resets and full account takeover. Affected Product: Deutsche Telekom AG Telekom Account Management Portal, versions before 2025-10-27, fixed 2025-10-31.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS