PT-2025-10457 · Digitaldruid+1 · Hoteldruid+1

Huy Vo

Published

2025-03-07

Updated

2025-03-11

CVE-2025-25747

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: DigitalDruid HotelDruid version 3.0.7

Description: The issue allows an attacker to execute arbitrary code and obtain sensitive information. This is achieved via the ripristina backup parameter in the "crea backup.php" endpoint.

Recommendations: For DigitalDruid HotelDruid version 3.0.7, consider restricting access to the "crea backup.php" endpoint until a patch is available. As a temporary workaround, avoid using the ripristina backup parameter in this endpoint to minimize the risk of exploitation.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2025-25747

Affected Products

Debian

Hoteldruid

PT-2025-10457 · Digitaldruid+1 · Hoteldruid+1

CVE-2025-25747

Weakness Enumeration

Related Identifiers

Affected Products

References · 14