CVE-2025-25748

Source
https://cve.org/CVERecord?id=CVE-2025-25748
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-25748.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-25748
Published
2025-03-11T18:15:32.810Z
Modified
2026-03-12T20:11:35.714456Z
Severity
  • 7.3 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
Summary
[none]
Details

A CSRF vulnerability in the gestioneutenti.php endpoint of HotelDruid 3.0.7 allows attackers to perform unauthorized actions (e.g., modifying user passwords) on behalf of authenticated users by exploiting the lack of origin or referrer validation and the absence of CSRF tokens. NOTE: this is disputed because there is an idsessione CSRF token.

References

Affected packages

Git /

Affected ranges

Database specific

unresolved_ranges
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "3.0.7"
            }
        ]
    }
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-25748.json"