CVE-2025-4542

Name of the Vulnerable Software and Affected Versions Freeebird Hotel 酒店管理系统 API versions up to 1.2

Description A problematic issue has been found in the API, affecting some unknown functionality of the file /src/main/java/cn/mafangui/hotel/tool/SessionInterceptor.java. This leads to a permissive cross-domain policy with untrusted domains. The attack can be launched remotely, with a rather high complexity and difficult exploitation.

Recommendations For Freeebird Hotel 酒店管理系统 API versions up to 1.2, consider restricting access to the SessionInterceptor.java file as a temporary workaround until a patch is available.