PT-2026-7852 · Unknown · Dolibarr Erp/Crm

Published 2026-02-12 · Updated 2026-02-14 · CVE-2025-69634

CVSS v3.1: 9.0 (Critical)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Dolibarr ERP & CRM version 22.0.9

Description: A Cross-Site Request Forgery issue exists in Dolibarr ERP & CRM version 22.0.9. A remote attacker may be able to escalate privileges through the notes field in the perms.php file. It is noted that exploitation may only be possible if an unprivileged user has access to an administrator's token. The API endpoint involved is perms.php. The vulnerable parameter is notes.

Recommendations: Versions prior to 22.0.9 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Tags: Exploit · LPE · CSRF · Improper Access Control

Weakness Enumeration

Related Identifiers

CVE-2025-69634

Affected Products

Dolibarr Erp/Crm