PT-2025-20076 · Unknown · Easyappointments
Abdullah4Eb · Published 2025-05-07 · Updated 2026-01-28
CVE-2025-29448
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Easy!Appointments version 1.5.1
Description
A business logic flaw in Easy!Appointments allows unauthenticated attackers to create appointments with excessively long durations, causing a denial of service by blocking all future booking availability. This issue enables attackers to cause a Denial of Service (DoS) via unspecified vectors.
Recommendations
For Easy!Appointments version 1.5.1, consider implementing validation on appointment duration to prevent excessively long bookings, thereby mitigating the risk of a denial of service attack. As a temporary workaround, restrict the ability to create new appointments until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
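One way to implement the recommended duration validation, shown as an added example that is not Easy!Appointments code. It assumes a booking request carries a start time and an optional client-supplied end time and that each service has a configured duration in minutes; the function name, the 480-minute cap and the sample requests are hypothetical.

```php
<?php
// Added illustration, not Easy!Appointments code. All names are hypothetical.

const MAX_SERVICE_MINUTES = 480; // assumed upper bound for any single service

/**
 * Validate a booking request against the duration configured for the service.
 * Returns the server-computed end time; throws if the request is inconsistent.
 */
function validated_end_time(string $start, ?string $clientEnd, int $serviceMinutes): DateTimeImmutable
{
    if ($serviceMinutes < 1 || $serviceMinutes > MAX_SERVICE_MINUTES) {
        throw new InvalidArgumentException('service duration outside allowed range');
    }
    $tz = new DateTimeZone('UTC');
    $startAt = DateTimeImmutable::createFromFormat('!Y-m-d H:i:s', $start, $tz);
    // Round-trip comparison rejects malformed input and rolled-over dates.
    if ($startAt === false || $startAt->format('Y-m-d H:i:s') !== $start) {
        throw new InvalidArgumentException('malformed start time');
    }
    // The end time is derived on the server; a client value is only cross-checked.
    $endAt = $startAt->modify("+{$serviceMinutes} minutes");
    if ($clientEnd !== null && $clientEnd !== $endAt->format('Y-m-d H:i:s')) {
        throw new InvalidArgumentException('end time does not match service duration');
    }
    return $endAt;
}

// Constructed sample requests: [start, client-supplied end, service minutes]
$requests = [
    ['2025-06-02 10:00:00', '2025-06-02 10:30:00', 30], // consistent with the service
    ['2025-06-02 10:00:00', '2035-06-02 10:00:00', 30], // excessively long booking
    ['2025-06-02 10:00:00', null, 30],                  // end omitted by the client
];
foreach ($requests as [$start, $end, $minutes]) {
    try {
        $endAt = validated_end_time($start, $end, $minutes);
        echo "accepted, ends ", $endAt->format('Y-m-d H:i:s'), "\n";
    } catch (InvalidArgumentException $e) {
        echo "rejected: ", $e->getMessage(), "\n";
    }
}
```

The check belongs on the server side of the unauthenticated booking endpoint, since validation in the booking form alone can be bypassed by sending the request directly.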
Exploit
DoS
Improper Access Control
RCE
Affected Products
Easyappointments