UBUNTU-CVE-2025-25748

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2025-25748

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-25748.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2025-25748

Related

CVE-2025-25748

Published

2025-03-11T18:15:00Z

Modified

2025-03-20T04:34:07Z

Summary

[none]

Details

A CSRF vulnerability in the gestioneutenti.php endpoint of HotelDruid 3.0.7 allows attackers to perform unauthorized actions (e.g., modifying user passwords) on behalf of authenticated users by exploiting the lack of origin or referrer validation and the absence of CSRF tokens. NOTE: this is disputed because there is an idsessione CSRF token.

References

Affected packages

Ubuntu:Pro:16.04:LTS / hoteldruid

Package

Name: hoteldruid
Purl: pkg:deb/ubuntu/hoteldruid@2.1.4-1ubuntu2?arch=source&distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.1.0-1

2.1.3-1

2.1.4-1

2.1.4-1ubuntu1

2.1.4-1ubuntu2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / hoteldruid

Package

Name: hoteldruid
Purl: pkg:deb/ubuntu/hoteldruid@2.2.2-1?arch=source&distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.2.1-1

2.2.2-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / hoteldruid

Package

Name: hoteldruid
Purl: pkg:deb/ubuntu/hoteldruid@3.0.1-1?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.3.2-1

3.*

3.0.0-1

3.0.1-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / hoteldruid

Package

Name: hoteldruid
Purl: pkg:deb/ubuntu/hoteldruid@3.0.3-1?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.0.1-1

3.0.3-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.10 / hoteldruid

Package

Name: hoteldruid
Purl: pkg:deb/ubuntu/hoteldruid@3.0.6-1?arch=source&distro=oracular

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.0.6-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / hoteldruid

Package

Name: hoteldruid
Purl: pkg:deb/ubuntu/hoteldruid@3.0.6-1?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.0.5-1

3.0.6-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}