cve/2025/CVE-2025-25747.md

CVE-2025-25747

Description

Cross Site Scripting vulnerability in DigitalDruid HotelDruid v.3.0.7 allows an attacker to execute arbitrary code and obtain sensitive information via the ripristina_backup parameter in the crea_backup.php endpoint

POC

Reference

• https://www.huyvo.net/post/cve-2025-25747-reflected-xss-vulnerability-in-hoteldruid-3-0-7

Github

• https://github.com/huyvo2910/CVE-2025-25747-HotelDruid-3-0-7-Reflected-XSS
• https://github.com/huyvo2910/CVE-2025-25749-Weak-Password-Policy-in-HotelDruid-3.0.7
• https://github.com/huyvo2910/Coordinated-Vulnerability-Disclosure---HotelDruid-3.0.7
• https://github.com/nomi-sec/PoC-in-GitHub
• https://github.com/plzheheplztrying/cve_monitor