CVE Catalog

CVE-2025-69615

Critical
Published: Translated: NVD NIST

Summary

Incorrect access control due to missing 2FA rate-limiting allows unlimited brute-force attempts and full MFA bypass with no user interaction required. This affects the Deutsche Telekom AG Telekom Account Management Portal versions before 2025-10-24.

Risk Assessment

The organization is exposed to brute-force attacks, which may lead to unauthorized access to user accounts. The lack of user interaction in the MFA bypass process increases the risk of account compromise.

Recommendation

It is recommended to update the account management portal to a version after 2025-11-03 to implement proper 2FA rate-limiting mechanisms. Additionally, consider introducing further security measures to protect against brute-force attacks.

Original NVD description (English source)

Incorrect Access Control via missing 2FA rate-limiting allowing unlimited brute-force retries and full MFA bypass with no user interaction required. Affected Product: Deutsche Telekom AG Telekom Account Management Portal, versions before 2025-10-24, fixed 2025-11-03.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS