CVE-2025-5803
BaseFortify
Publication date: 2025-11-06
Last updated on: 2026-04-27
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| e4jvikwp | vikbooking_hotel_booking_engine_and_pms | 1.8.2 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Missing Authorization issue in the VikBooking Hotel Booking Engine & PMS software. It affects versions up to and including 1.8.2. Missing Authorization means that the software does not properly verify whether a user has permission to perform certain actions, potentially allowing unauthorized users to access or modify data or functionality.
How can this vulnerability impact me? :
The impact of this vulnerability could include unauthorized access to sensitive booking or hotel management data, unauthorized modifications to bookings or system settings, and potential disruption of hotel operations. This could lead to data breaches, loss of customer trust, and operational issues.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability could negatively affect compliance with standards like GDPR or HIPAA because unauthorized access to personal or sensitive data may occur due to missing authorization controls. Such breaches can lead to violations of data protection regulations and result in legal and financial penalties.