CVE-2025-25749

HIGH
2025-03-11 [email protected]
RCE
7.1
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
Low

Lifecycle Timeline

3
Analysis Generated
Mar 12, 2026 - 19:52 vuln.today
PoC Detected
Apr 07, 2025 - 14:06 vuln.today
Public exploit code
CVE Published
Mar 11, 2025 - 18:15 nvd
HIGH 7.1

DescriptionNVD

An issue in HotelDruid version 3.0.7 and earlier allows users to set weak passwords due to the lack of enforcement of password strength policies.

AnalysisAI

HotelDruid version 3.0.7 and earlier fails to enforce strong password requirements, allowing users to create weak passwords that are easily guessable. This affects anyone using the hotel management software, potentially exposing guest data and booking information. An attacker could exploit weak user passwords to gain unauthorized access to the system and compromise sensitive hotel operations and customer information.

Technical ContextAI

affects HotelDruid. in HotelDruid version 3.0.7 and earlier allows users to set weak passwords due to the lack of enforcement of password strength policies.

Affected ProductsAI

Product: HotelDruid.

RemediationAI

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

Share

CVE-2025-25749 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy