CVE Catalog
CVE-2025-69614
CriticalSummary
Incorrect access control via activation token reuse on the password-reset endpoint allowing unauthorized password resets and full account takeover.
Risk Assessment
The organization is at risk of unauthorized access to user accounts, potentially leading to data loss and privacy breaches.
Recommendation
It is recommended to update the Telekom Account Management Portal to a version after 2025-10-31 to mitigate this vulnerability.
Original NVD description (English source)
Incorrect Access Control via activation token reuse on the password-reset endpoint allowing unauthorized password resets and full account takeover. Affected Product: Deutsche Telekom AG Telekom Account Management Portal, versions before 2025-10-27, fixed 2025-10-31.

