PT-2025-10458 · Unknown+1 · Hoteldruid+1

Huy Vo

Published

2025-03-07

Updated

2026-01-29

CVE-2025-25748

CVSS v3.1

7.3

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

Name of the Vulnerable Software and Affected Versions: HotelDruid version 3.0.7

Description: A CSRF issue in the "gestione utenti.php" endpoint allows attackers to perform unauthorized actions, such as modifying user passwords, on behalf of authenticated users. This is due to the lack of origin or referrer validation and the absence of CSRF tokens.

Recommendations: For HotelDruid version 3.0.7, consider implementing origin or referrer validation and adding CSRF tokens to the "gestione utenti.php" endpoint to prevent unauthorized actions. As a temporary workaround, restrict access to the "gestione utenti.php" endpoint to minimize the risk of exploitation.

Fix

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-352

Related Identifiers

CVE-2025-25748

Affected Products

Debian

Hoteldruid

PT-2025-10458 · Unknown+1 · Hoteldruid+1

CVE-2025-25748

Weakness Enumeration

Related Identifiers

Affected Products

References · 13