VYPR

Account Management Portal

by Telekom

CVEs (2)

  • CVE-2025-69614CriMar 10, 2026
    risk 0.61cvss 9.4epss 0.00

    Incorrect Access Control via activation token reuse on the password-reset endpoint allowing unauthorized password resets and full account takeover. Affected Product: Deutsche Telekom AG Telekom Account Management Portal, versions before 2025-10-27, fixed 2025-10-31.

  • CVE-2025-69615CriMar 10, 2026
    risk 0.59cvss 9.1epss 0.00

    Incorrect Access Control via missing 2FA rate-limiting allowing unlimited brute-force retries and full MFA bypass with no user interaction required. Affected Product: Deutsche Telekom AG Telekom Account Management Portal, versions before 2025-10-24, fixed 2025-11-03.