Critical severity9.1NVD Advisory· Published Mar 10, 2026· Updated May 7, 2026

CVE-2025-69615

Description

Incorrect Access Control via missing 2FA rate-limiting allowing unlimited brute-force retries and full MFA bypass with no user interaction required. Affected Product: Deutsche Telekom AG Telekom Account Management Portal, versions before 2025-10-24, fixed 2025-11-03.

Affected products

Telekom/Account Management Portal
cpe:2.3:a:telekom:account_management_portal:*:*:*:*:*:*:*:*
Range: <=2025-10-24
Deutsche Telekom AG/Telekom Account Management Portaldescription

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

gist.github.com/ethicalrohitt/b3e6d071aac8530459e8b3a5720bb832nvdThird Party Advisory
www.telekom.com/en/company/data-privacy-and-security/news/acknowledgements-358300nvdProduct

News mentions

No linked articles in our index yet.

cvss	0.591
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000