CVE-2025-25748

HIGH

HotelDruid 3.0.7 - Cross-Site Request Forgery in gestione_utenti.php

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-25748. PoCs published by huyvo2910.

AI-analyzed exploit summary: This repository contains a working Proof of Concept (PoC) for CVE-2025-25748, a CSRF vulnerability in HotelDruid 3.0.7. The PoC demonstrates how an attacker can change user passwords by exploiting the lack of CSRF tokens and origin validation in the gestione_utenti.php endpoint.

Description

A CSRF vulnerability in the gestione_utenti.php endpoint of HotelDruid 3.0.7 allows attackers to perform unauthorized actions (e.g., modifying user passwords) on behalf of authenticated users by exploiting the lack of origin or referrer validation and the absence of CSRF tokens. NOTE: this is disputed because there is an id_sessione CSRF token.

Exploits (1)

nomisec WORKING POC
by huyvo2910 · poc
https://github.com/huyvo2910/CVE-2525-25748-Cross-Site-Request-Forgery-CSRF-Vulnerability-in-HotelDruid-3.0.7

Classification
Working PoC: 100%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: HotelDruid 3.0.7
Auth required: yes
Prerequisites: Victim must be authenticated in HotelDruid · Attacker must trick victim into visiting a malicious page
Analyzed by devstral-2 on Feb 16, 2026

Scores

CVSS v3: 7.3
EPSS: 0.0040
EPSS Percentile: 31.1%
Attack Vector: LOCAL
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: partial

Details

CWE: CWE-352
Status: published
Products (1): digitaldruid/hoteldruid 3.0.7
Published: Mar 11, 2025
Tracked Since: Feb 18, 2026