CVE-2025-25748

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-25748
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-25748.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-25748
Published
2025-03-11T18:15:32Z
Modified
2025-04-20T17:00:04Z
Summary
[none]
Details

A CSRF vulnerability in the gestioneutenti.php endpoint of HotelDruid 3.0.7 allows attackers to perform unauthorized actions (e.g., modifying user passwords) on behalf of authenticated users by exploiting the lack of origin or referrer validation and the absence of CSRF tokens. NOTE: this is disputed because there is an idsessione CSRF token.

Database specific
{
    "isDisputed": true
}