CVE-2025-25748

HIGH Year: 2025
CVSS v3 Score
7.3
High
Weakness Type
CWE-352
View all →

Vulnerability Description

A CSRF vulnerability in the gestione_utenti.php endpoint of HotelDruid 3.0.7 allows attackers to perform unauthorized actions (e.g., modifying user passwords) on behalf of authenticated users by exploiting the lack of origin or referrer validation and the absence of CSRF tokens. NOTE: this is disputed because there is an id_sessione CSRF token.

Related Vulnerabilities

CVE-2017-14362

HIGH
CVSS:7.3(High)

Cross-Site Request Forgery vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32. This vulnerability could be exploited to allow a Cross-Site Forgery attack.

CWE-3522017

CVE-2018-13800

HIGH
CVSS:7.3(High)

A vulnerability has been identified in SIMATIC S7-1200 CPU family version 4 (All versions < V4.2.3). The web interface could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is...

CWE-3522018

CVE-2021-4017

HIGH
CVSS:7.3(High)

showdoc is vulnerable to Cross-Site Request Forgery (CSRF)

CWE-3522021

CVE-2022-43470

HIGH
CVSS:7.3(High)

Cross-site request forgery (CSRF) vulnerability in +F FS040U software versions v2.3.4 and earlier, +F FS020W software versions v4.0.0 and earlier, +F FS030W software versions v3.3.5 and earlier, and +...

CWE-3522022

CVE-2023-5036

HIGH
CVSS:7.3(High)

Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.15.1.

CWE-3522023

CVE-2024-28731

HIGH
CVSS:7.3(High)

Cross Site Request Forgery vulnerability in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to obtain sensitive information via the Port forward...

CWE-3522024