DEBIAN-CVE-2025-25748

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/DEBIAN-CVE-2025-25748

Import Source

https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2025-25748.json

JSON Data

https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2025-25748

Upstream

CVE-2025-25748

Published

2025-03-11T18:15:32Z

Modified

2025-09-18T05:19:31Z

Summary

[none]

Details

A CSRF vulnerability in the gestioneutenti.php endpoint of HotelDruid 3.0.7 allows attackers to perform unauthorized actions (e.g., modifying user passwords) on behalf of authenticated users by exploiting the lack of origin or referrer validation and the absence of CSRF tokens. NOTE: this is disputed because there is an idsessione CSRF token.

References

https://security-tracker.debian.org/tracker/CVE-2025-25748

Affected packages

Debian:11 / hoteldruid

Package

Name: hoteldruid
Purl: pkg:deb/debian/hoteldruid?arch=source

Affected ranges

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / hoteldruid

Package

Name: hoteldruid
Purl: pkg:deb/debian/hoteldruid?arch=source

Affected ranges

Ecosystem specific

{
    "urgency": "not yet assigned"
}