CVE-2025-25748

HIGH

Digitaldruid Hoteldruid - CSRF

Title source: rule

Description

A CSRF vulnerability in the gestione_utenti.php endpoint of HotelDruid 3.0.7 allows attackers to perform unauthorized actions (e.g., modifying user passwords) on behalf of authenticated users by exploiting the lack of origin or referrer validation and the absence of CSRF tokens. NOTE: this is disputed because there is an id_sessione CSRF token.

Exploits (1)

nomisec WORKING POC

by huyvo2910 · poc

https://github.com/huyvo2910/CVE-2525-25748-Cross-Site-Request-Forgery-CSRF-Vulnerability-in-HotelDruid-3.0.7

View Code ZIP pw:eip

References (1)

[URL Repurposed] https://www.huyvo.net/post/cve-2025-25748-cross-site-request-forgery-csrf-vulnerability-in-hoteldruid-3-0-7

Scores

CVSS v3 7.3

EPSS 0.0008

EPSS Percentile 22.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-352

Status published

Products (1)

digitaldruid/hoteldruid 3.0.7

Published Mar 11, 2025

Tracked Since Feb 18, 2026