Cyber Posture

CVE-2025-30073

High

Published: 26 March 2025

Modified: 15 April 2026
KEV Added: none (not in the CISA KEV catalog)
Patch: (not listed)
CVSS Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.0017 (37.5th percentile)
Risk Priority: 15 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-30073 is a high-severity Exposure of Data Element to Wrong Session (CWE-488) vulnerability; the affected vendor is recorded here as Syss (inferred from references, see Affected Products below). Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). EPSS ranks it at the 37.5th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) [AI-generated]

- Prevent (SI-2, Flaw Remediation): timely identification, reporting, and remediation of the transaction reference reuse flaw directly prevents unauthorized over-crediting of employee cards.
- Prevent (SI-10, Information Input Validation): input validation enforces uniqueness of transaction references, blocking creation or processing of duplicates that enable the exploit.
- Detect: audit records capturing transaction references, payment completions, and card credits allow detection of anomalous duplicate fulfillments.

MITRE ATT&CK Enterprise Techniques [AI-generated]

- T1190 Exploit Public-Facing Application (Initial Access): adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
- T1657 Financial Theft (Impact): adversaries may steal monetary resources from targets through extortion, social engineering, technical theft, or other methods aimed at their own financial gain at the expense of the availability of these resources for victims.
Why these techniques?

A vulnerability in a public-facing web application enables remote exploitation (T1190), leading to unauthorized over-crediting of funds (T1657).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

NVD Description

An issue was discovered in OPC cardsystems Webapp Aufwertung 2.1.0. The reference assigned to transactions can be reused. When completing a payment, the first or all transactions with the same reference are completed, depending on timing. This can be used to transfer more money onto employee cards than is paid.

Deeper analysis [AI-generated]

CVE-2025-30073 affects OPC cardsystems Webapp Aufwertung version 2.1.0, a web application used for loading funds onto employee cards. The vulnerability stems from the reuse of transaction references. When a payment is completed, the system processes the first or all transactions with the matching reference, depending on timing conditions. This business logic flaw, classified under CWE-488 (Exposure of Data Element to Wrong Session), enables unauthorized over-crediting of funds.

The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating it is exploitable over the network with low complexity by unauthenticated attackers and requires no user interaction. An attacker can initiate multiple transactions using the same reference and complete a single payment to trigger fulfillment of all associated transactions, resulting in more money being transferred to employee cards than was actually paid. The root cause is that the reference, not the individual transaction, is the key on which the completion step operates.
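As an added illustration (not code from OPC cardsystems, SySS, or this page), the following constructed Python model shows the completion logic the analysis describes beside a hardened version that enforces reference uniqueness and one-transaction-per-payment, plus a duplicate-reference check over audit records in line with the detect control above; class, field and event names are hypothetical.

```python
# Constructed model of the reported flaw; hypothetical class and field names.
from dataclasses import dataclass

@dataclass
class Transaction:
    ref: str            # reference handed to the payment provider
    card: str           # employee card to credit
    amount: int         # cents to load once the payment for `ref` completes
    done: bool = False

class VulnerableLoadService:
    """Mirrors the reported behaviour: references are not unique, and a
    completed payment fulfils every open transaction carrying that reference."""
    def __init__(self):
        self.tx: list[Transaction] = []
        self.balances: dict[str, int] = {}
    def create(self, ref: str, card: str, amount: int) -> None:
        self.tx.append(Transaction(ref, card, amount))  # no uniqueness check
    def complete_payment(self, ref: str, paid: int) -> int:
        credited = 0                                     # `paid` is never compared
        for t in self.tx:
            if t.ref == ref and not t.done:              # every match is credited
                t.done = True
                self.balances[t.card] = self.balances.get(t.card, 0) + t.amount
                credited += t.amount
        return credited

class HardenedLoadService(VulnerableLoadService):
    """Input validation in the SI-10 sense: a reference is unique at creation,
    and a completion credits exactly one transaction for exactly the amount paid."""
    def create(self, ref: str, card: str, amount: int) -> None:
        if any(t.ref == ref for t in self.tx):
            raise ValueError(f"duplicate transaction reference {ref!r}")
        super().create(ref, card, amount)
    def complete_payment(self, ref: str, paid: int) -> int:
        open_tx = [t for t in self.tx if t.ref == ref and not t.done]
        if len(open_tx) != 1 or open_tx[0].amount != paid:
            raise ValueError("reference must map to one open transaction of the paid amount")
        t = open_tx[0]
        t.done = True
        self.balances[t.card] = self.balances.get(t.card, 0) + paid
        return paid

def duplicate_references(audit_rows: list[dict]) -> list[str]:
    """Detection over audit records: references credited more than once."""
    counts: dict[str, int] = {}
    for row in audit_rows:
        if row["event"] == "credit":
            counts[row["ref"]] = counts.get(row["ref"], 0) + 1
    return sorted(ref for ref, n in counts.items() if n > 1)
```

With three transactions created under one reference, the vulnerable service credits three times the amount of a single payment, while the hardened service rejects the second creation outright.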

For mitigation guidance, refer to the advisory at https://www.syss.de/pentest-blog/businesslogik-fehler-bei-aufwertung-von-geldkarten-in-opcr-webapp-aufwertung-syss-2024-089.

Details

CWE(s)

CWE-488 Exposure of Data Element to Wrong Session

Affected Products

Syss (inferred from references and description; NVD did not file a CPE for this CVE)

CVEs Like This One

- CVE-2025-1247 (shared CWE-488)
- CVE-2026-34391 (shared CWE-488)
- CVE-2025-15576 (shared CWE-488)
- CVE-2023-1907 (shared CWE-488)

References