{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/89489?format=json","vulnerability_id":"VCID-py67-h37a-kkc7","summary":"A CSRF vulnerability in the gestione_utenti.php endpoint of HotelDruid 3.0.7 allows attackers to perform unauthorized actions (e.g., modifying user passwords) on behalf of authenticated users by exploiting the lack of origin or referrer validation and the absence of CSRF tokens. NOTE: this is disputed because there is an id_sessione CSRF token.","aliases":[{"alias":"CVE-2025-25748"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1075526?format=json","purl":"pkg:deb/debian/hoteldruid@3.0.8-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@3.0.8-1"},{"url":"http://public2.vulnerablecode.io/api/packages/45248?format=json","purl":"pkg:deb/debian/hoteldruid@3.0.8-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@3.0.8-1%3Fdistro=sid"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45247?format=json","purl":"pkg:deb/debian/hoteldruid@3.0.1-1?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2nn9-rgza-87d9"},{"vulnerability":"VCID-4srd-dyed-eyb3"},{"vulnerability":"VCID-558m-mc3y-gkda"},{"vulnerability":"VCID-8fx9-nzvp-ayca"},{"vulnerability":"VCID-bet7-9s79-sqgx"},{"vulnerability":"VCID-bxr7-mb6r-k3fq"},{"vulnerability":"VCID-cfps-neu3-e3cs"},{"vulnerability":"VCID-eh1x-tdqf-eugs"},{"vulnerability":"VCID-etv3-tzr4-wber"},{"vulnerability":"VCID-hn36-tbmp-pfey"},{"vulnerability":"VCID-jt8r-epyb-6ue8"},{"vulnerability":"VCID-jv6q-8jm8-6ubr"},{"vulnerability":"VCID-kx2f-y9xu-m3gp"},{"vulnerability":"VCID-mjg4-ypwn-h3dk"},{"vulnerability":"VCID-n6bb-64gm-67ba"},{"vulnerability":"VCID-pqug-d16y-x3fs"},{"vulnerability":"VCID-pu4m-tx6g-k7cb"},{"vulnerability":"VCID-py67-h37a-kkc7"},{"vulnerability":"VCID-qbz2-j8pb-eqhu"},{"vulnerability":"VCID-ran2-h83t-wke6"},{"vulnerability":"VCID-smee-4ac2-m7dc"},{"vulnerability":"VCID-tf4k-sdp1-tudg"},{"vulnerability":"VCID-wv1z-u3ra-3uhw"},{"vulnerability":"VCID-z46c-xy46-skbf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@3.0.1-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1075524?format=json","purl":"pkg:deb/debian/hoteldruid@3.0.1-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2nn9-rgza-87d9"},{"vulnerability":"VCID-4srd-dyed-eyb3"},{"vulnerability":"VCID-558m-mc3y-gkda"},{"vulnerability":"VCID-8fx9-nzvp-ayca"},{"vulnerability":"VCID-bet7-9s79-sqgx"},{"vulnerability":"VCID-bxr7-mb6r-k3fq"},{"vulnerability":"VCID-cfps-neu3-e3cs"},{"vulnerability":"VCID-eh1x-tdqf-eugs"},{"vulnerability":"VCID-etv3-tzr4-wber"},{"vulnerability":"VCID-hn36-tbmp-pfey"},{"vulnerability":"VCID-jt8r-epyb-6ue8"},{"vulnerability":"VCID-jv6q-8jm8-6ubr"},{"vulnerability":"VCID-kx2f-y9xu-m3gp"},{"vulnerability":"VCID-mjg4-ypwn-h3dk"},{"vulnerability":"VCID-n6bb-64gm-67ba"},{"vulnerability":"VCID-pqug-d16y-x3fs"},{"vulnerability":"VCID-pu4m-tx6g-k7cb"},{"vulnerability":"VCID-py67-h37a-kkc7"},{"vulnerability":"VCID-qbz2-j8pb-eqhu"},{"vulnerability":"VCID-ran2-h83t-wke6"},{"vulnerability":"VCID-smee-4ac2-m7dc"},{"vulnerability":"VCID-tf4k-sdp1-tudg"},{"vulnerability":"VCID-wv1z-u3ra-3uhw"},{"vulnerability":"VCID-z46c-xy46-skbf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@3.0.1-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1075525?format=json","purl":"pkg:deb/debian/hoteldruid@3.0.4-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8fx9-nzvp-ayca"},{"vulnerability":"VCID-bxr7-mb6r-k3fq"},{"vulnerability":"VCID-cfps-neu3-e3cs"},{"vulnerability":"VCID-eh1x-tdqf-eugs"},{"vulnerability":"VCID-etv3-tzr4-wber"},{"vulnerability":"VCID-hn36-tbmp-pfey"},{"vulnerability":"VCID-jt8r-epyb-6ue8"},{"vulnerability":"VCID-jv6q-8jm8-6ubr"},{"vulnerability":"VCID-kx2f-y9xu-m3gp"},{"vulnerability":"VCID-pqug-d16y-x3fs"},{"vulnerability":"VCID-py67-h37a-kkc7"},{"vulnerability":"VCID-qbz2-j8pb-eqhu"},{"vulnerability":"VCID-ran2-h83t-wke6"},{"vulnerability":"VCID-smee-4ac2-m7dc"},{"vulnerability":"VCID-tf4k-sdp1-tudg"},{"vulnerability":"VCID-wv1z-u3ra-3uhw"},{"vulnerability":"VCID-z46c-xy46-skbf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@3.0.4-1"},{"url":"http://public2.vulnerablecode.io/api/packages/45245?format=json","purl":"pkg:deb/debian/hoteldruid@3.0.4-1?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8fx9-nzvp-ayca"},{"vulnerability":"VCID-bxr7-mb6r-k3fq"},{"vulnerability":"VCID-cfps-neu3-e3cs"},{"vulnerability":"VCID-eh1x-tdqf-eugs"},{"vulnerability":"VCID-etv3-tzr4-wber"},{"vulnerability":"VCID-hn36-tbmp-pfey"},{"vulnerability":"VCID-jt8r-epyb-6ue8"},{"vulnerability":"VCID-jv6q-8jm8-6ubr"},{"vulnerability":"VCID-kx2f-y9xu-m3gp"},{"vulnerability":"VCID-pqug-d16y-x3fs"},{"vulnerability":"VCID-py67-h37a-kkc7"},{"vulnerability":"VCID-qbz2-j8pb-eqhu"},{"vulnerability":"VCID-ran2-h83t-wke6"},{"vulnerability":"VCID-smee-4ac2-m7dc"},{"vulnerability":"VCID-tf4k-sdp1-tudg"},{"vulnerability":"VCID-wv1z-u3ra-3uhw"},{"vulnerability":"VCID-z46c-xy46-skbf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@3.0.4-1%3Fdistro=sid"}],"references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-25748","reference_id":"","reference_type":"","scores":[{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.2317","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.23365","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.23377","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.23355","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-25748"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-25748","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-25748"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1101015","reference_id":"1101015","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1101015"},{"reference_url":"https://www.huyvo.net/post/cve-2025-25748-cross-site-request-forgery-csrf-vulnerability-in-hoteldruid-3-0-7","reference_id":"cve-2025-25748-cross-site-request-forgery-csrf-vulnerability-in-hoteldruid-3-0-7","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T20:39:47Z/"}],"url":"https://www.huyvo.net/post/cve-2025-25748-cross-site-request-forgery-csrf-vulnerability-in-hoteldruid-3-0-7"}],"weaknesses":[],"exploits":[],"severity_range_score":"7.3 - 7.3","exploitability":"0.5","weighted_severity":"3.6","risk_score":1.8,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-py67-h37a-kkc7"}