CVE-2025-44203
BaseFortify
Publication date: 2025-06-20
Last updated on: 2025-06-26
Assigner: MITRE
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| digitaldruid | hoteldruid | 3.0.0 |
| digitaldruid | hoteldruid | 3.0.7 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-209 | The product generates an error message that includes sensitive information about its environment, users, or associated data. |
| CWE-400 | The product does not properly control the allocation and maintenance of a limited resource. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-44203 is a vulnerability in HotelDruid versions 3.0.0 and 3.0.7 where an unauthenticated attacker can send malformed POST requests to the 'creadb.php' endpoint before the 'create database' button is pressed. This triggers verbose SQL error messages that leak sensitive information such as the administrator's username, password hash, and salt. If the password is weak, the attacker can use this information to recover the plaintext password. Additionally, successful exploitation can cause a denial of service (DoS), preventing the administrator from logging in even with correct credentials. [2]
How can this vulnerability impact me?
This vulnerability can impact you by exposing sensitive administrator credentials, including username, password hash, and salt, to an unauthenticated attacker. If the password is weak, the attacker may recover the plaintext password and gain unauthorized access to the HotelDruid system. Furthermore, exploitation can cause a denial of service, preventing legitimate administrators from logging in and managing the system, which could disrupt hotel management operations. [2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending malformed POST requests to the 'creadb.php' endpoint before the 'create database' button is pressed and observing if verbose SQL error messages are returned that leak sensitive information such as administrator username, password hash, and salt. Detection can be performed using the provided Python exploit script 'exploit.py' from the GitHub repository, which targets the remote HotelDruid instance by specifying its IP address. Network monitoring tools can also be used to detect unusual POST requests to 'creadb.php'. Specific commands include running the Python script: `python3 exploit.py --target <target_ip>` to test for vulnerability. [2]
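For the log-monitoring side of detection, the following added example (not part of the original page or of the HotelDruid project) scans web-server access logs for POST requests to `creadb.php` from non-loopback clients and counts them per source. It assumes the Apache/nginx "combined" log format; the function names and the sample log lines are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Apache/nginx "combined" access-log format (assumed; adapt to your server).
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

def is_installer_post(method, path):
    """True for a POST whose path (query string ignored) ends in creadb.php."""
    return method == "POST" and path.split("?", 1)[0].lower().endswith("/creadb.php")

def is_remote(src):
    """True unless the client is loopback; unparsable addresses count as remote."""
    try:
        return not ipaddress.ip_address(src).is_loopback
    except ValueError:
        return True

def find_creadb_posts(lines):
    """Return a Counter mapping source address -> remote POSTs to creadb.php."""
    hits = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_installer_post(m["method"], m["path"]) and is_remote(m["src"]):
            hits[m["src"]] += 1
    return hits

# Constructed sample lines using documentation address ranges, not real traffic.
SAMPLE = [
    '203.0.113.7 - - [21/Jun/2025:10:01:02 +0000] "POST /hoteldruid/creadb.php HTTP/1.1" 200 1843 "-" "python-requests/2.31"',
    '203.0.113.7 - - [21/Jun/2025:10:01:03 +0000] "POST /hoteldruid/creadb.php HTTP/1.1" 200 1851 "-" "python-requests/2.31"',
    '127.0.0.1 - - [21/Jun/2025:10:05:00 +0000] "POST /hoteldruid/creadb.php HTTP/1.1" 200 912 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [21/Jun/2025:10:06:10 +0000] "GET /hoteldruid/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [21/Jun/2025:10:06:12 +0000] "POST /hoteldruid/creadb.php?x=1 HTTP/1.1" 500 310 "-" "curl/8.5.0"',
]

if __name__ == "__main__":
    for src, count in find_creadb_posts(SAMPLE).most_common():
        print(f"{src}: {count} remote POST(s) to creadb.php")
```

Any hit from a non-loopback address is worth reviewing, since the installer endpoint has no reason to receive remote POSTs once setup is complete.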
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the HotelDruid installation by setting the Debian package configuration option 'Restrict HotelDruid access to localhost?' to 'Yes', thereby preventing remote exploitation. Additionally, avoid exposing the 'creadb.php' endpoint to untrusted networks. If possible, update or patch HotelDruid to a version where this vulnerability is fixed or apply any available security updates. Monitoring and blocking malformed POST requests to 'creadb.php' can also help reduce risk. Finally, ensure strong passwords are used during setup to reduce the risk of brute-force attacks on leaked hashes. [2]