CVE-2025-25748
Published: 11 March 2025
Description
Adversaries may manipulate accounts to maintain and/or elevate access to victim systems.
Security Summary
CVE-2025-25748 is a cross-site request forgery (CSRF) vulnerability, classified under CWE-352, affecting the gestione_utenti.php endpoint in HotelDruid version 3.0.7. Published on 2025-03-11, it stems from a lack of origin or referrer validation and the absence of CSRF tokens, enabling attackers to perform unauthorized actions—such as modifying user passwords—on behalf of authenticated users. The vulnerability carries a CVSS v3.1 base score of 7.3 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L). It is disputed, however, due to the presence of an id_sessione CSRF token in the software.
Exploitation requires local access and low privileges, meaning an attacker must target an already-authenticated user with low privileges. The low attack complexity and lack of required user interaction (beyond the victim's authentication state) allow attackers to craft malicious requests that the victim submits unwittingly, such as via a malicious webpage. Successful exploitation grants high confidentiality and integrity impacts—enabling actions like password changes—and a low availability impact.
Advisory details are available in the referenced post at https://www.huyvo.net/post/cve-2025-25748-cross-site-request-forgery-csrf-vulnerability-in-hoteldruid-3-0-7. No specific patch or mitigation guidance is provided in the CVE description.
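As an added illustration (not HotelDruid's code, and not taken from the referenced advisory) of the two controls whose absence the summary describes, the following Python sketch gates a state-changing request on both an Origin/Referer check and a session-bound CSRF token; the allowed origin, header names, form field name and session layout are assumptions.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Assumption: the application's own origin; constructed for this example.
ALLOWED_ORIGIN = "https://hotel.example"


def issue_csrf_token(session: dict) -> str:
    """Mint an unguessable per-session token and store it server-side.
    The session dict is a constructed stand-in for a real session store."""
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token


def origin_is_trusted(headers: dict, allowed_origin: str) -> bool:
    """Compare the Origin header (or, failing that, Referer) with the app's origin.
    A missing header fails closed: browsers attach Origin to cross-site POSTs,
    so treating its absence as trusted would reopen the CSRF hole."""
    src = headers.get("Origin") or headers.get("Referer")
    if not src:
        return False
    parts = urlsplit(src)
    # Referer carries a full URL; reduce both headers to scheme://host[:port]
    return f"{parts.scheme}://{parts.netloc}" == allowed_origin


def validate_state_change(headers: dict, form: dict, session: dict,
                          allowed_origin: str = ALLOWED_ORIGIN) -> tuple[bool, str]:
    """Admit a state-changing request (e.g. a password change) only when both
    checks pass; returns (accepted, reason) so callers can log rejections."""
    if not origin_is_trusted(headers, allowed_origin):
        return False, "cross-origin request rejected"
    expected = session.get("csrf_token")
    supplied = form.get("csrf_token", "")
    # Constant-time comparison keeps token checking free of timing leaks.
    if not expected or not hmac.compare_digest(expected.encode(), str(supplied).encode()):
        return False, "missing or invalid CSRF token"
    return True, "ok"
```

A forged request from another site fails on the origin check even if it somehow carries a token, and a same-origin request fails without the session's own token, so each control covers the other's gaps.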
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The CSRF vulnerability on the user management endpoint directly enables unauthorized password modifications on behalf of authenticated users, which maps to account manipulation.