CVE-2025-50503 · HIGH 8.8 · EPSS p25.6%

Description

A vulnerability in the password reset workflow of the Touch Lebanon Mobile App 2.20.2 allows an attacker to bypass the OTP reset password mechanism. By manipulating the reset process, an unauthorized user may be able to reset the password and gain access to the account without needing to provide a legitimate authentication factor, such as an OTP. This compromises account security and allows for potential unauthorized access to user data.

Scoring

CVSS 3.1: 8.8 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 0.34% probability of exploitation · percentile 25.6% · 2026-06-19T12:03:05Z
Published: 2025-08-20
Last modified: 2026-04-15

Underlying weaknesses · 1

CWE-640

References

  1. https://github.com/ksarieddine/disclosures/blob/main/Touch%20Mobile%20Application/2FA%20Bypass%20-%20Touch%20Lebanon.md
  2. https://www.touch.com.lb/autoforms/portal/touch/personal/contentandapps/mobileapp

Type | Target | Confidence | Tier
Weakness | Weak Password Recovery Mechanism for Forgotten Password (cwe-640) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-5305
  2. CVE-2026-25858
  3. CVE-2025-58587
  4. CVE-2026-26417
  5. CVE-2025-26010
  6. CVE-2026-24789

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.