CVE-2025-25748

Name of the Vulnerable Software and Affected Versions: HotelDruid version 3.0.7

Description: A CSRF issue in the "gestione utenti.php" endpoint allows attackers to perform unauthorized actions, such as modifying user passwords, on behalf of authenticated users. This is due to the lack of origin or referrer validation and the absence of CSRF tokens.

Recommendations: For HotelDruid version 3.0.7, consider implementing origin or referrer validation and adding CSRF tokens to the "gestione utenti.php" endpoint to prevent unauthorized actions. As a temporary workaround, restrict access to the "gestione utenti.php" endpoint to minimize the risk of exploitation.