CVE-2025-1740 — AI Deep Analysis Summary

🚨 **Essence**: A critical flaw in **Akinsoft MyRezzta** (Online Food Ordering System). <br>⚠️ **Consequences**: Attackers can bypass authentication, reset passwords, and brute-force accounts.…

🛡️ **CWE**: **CWE-307** (Improper Restriction of Excessive Authentication Attempts). <br>🔍 **Flaw**: The system fails to limit login attempts.…

🏢 **Vendor**: **Akinsoft** (Turkey). <br>📦 **Product**: **MyRezzta**. <br>📅 **Affected Versions**: **s2.03.01** up to **v2.05.01** (excluding v2.05.01). <br>🌐 **Type**: Online food ordering platform.

🔓 **Privileges**: **Authentication Bypass**. <br>🔑 **Data**: **Password Recovery** exploitation. <br>💣 **Attack**: **Brute Force** attacks succeed without lockout.…

📉 **Threshold**: **LOW**. <br>🔑 **Auth**: **None required** (PR:N). <br>🌐 **Network**: **Network** accessible (AV:N). <br>🎯 **Complexity**: **Low** (AC:L). <br>👀 **UI**: **No interaction** needed (UI:N).

🚫 **Public Exp**: **No** public PoC or exploit code listed in data. <br>📝 **Reference**: USOM Advisory (tr-25-0205). <br>⚠️ **Risk**: Despite no public code, the flaw is trivial to exploit manually.

🔍 **Check**: Scan for **MyRezzta** instances. <br>🧪 **Test**: Attempt multiple failed logins. <br>📊 **Verify**: Observe if account locks or rate-limits trigger.…

🔧 **Fix**: Upgrade to **v2.05.01** or later. <br>📌 **Status**: Vulnerability exists in versions *before* v2.05.01. <br>📥 **Source**: Check vendor updates or USOM advisory.

🛡️ **Workaround**: Implement **WAF rules** to rate-limit login endpoints. <br>🔒 **Config**: Enable **account lockout** policies manually. <br>👁️ **Monitor**: Alert on high-frequency login failures.…

🔥 **Priority**: **CRITICAL**. <br>📈 **CVSS**: **High** (9.0+ range implied by H/I/A). <br>⏳ **Urgency**: Patch immediately. <br>🚨 **Reason**: No auth needed + easy brute force = high risk of immediate compromise.