CVE-2025-25749
Published 2025-03-11
CVE-2025-25749: An issue in HotelDruid version 3.0.7 and earlier allows users to set weak passwords due to the lack of enforcement of password strength policies.
Priority P3 · 40 · high · 7.1 · CVSS 3.1
AV:N / AC:H / PR:L / UI:N / S:U / C:H / I:H / A:L
EPSS: 0.56% (42.6th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | hoteldruid | < hoteldruid 3.0.8-1 (sid) | hoteldruid 3.0.8-1 (sid) |
| digitaldruid | hoteldruid | <= 3.0.7 | — |
CVSS provenance
nvd · v3.1 · 7.1 · HIGH · CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
osv · 7.1 · HIGH
vendor_debian · 7.1 · HIGH
GHSA
GHSA-2q6p-3x6p-8mcf: An issue in HotelDruid version 3
ghsa_unreviewed·2025-03-11
CVE-2025-25749 [HIGH] CWE-521 GHSA-2q6p-3x6p-8mcf: An issue in HotelDruid version 3
An issue in HotelDruid version 3.0.7 and earlier allows users to set weak passwords due to the lack of enforcement of password strength policies.
OSV
CVE-2025-25749: An issue in HotelDruid version 3
osv·2025-03-11·CVSS 7.1
CVE-2025-25749 [HIGH] CVE-2025-25749: An issue in HotelDruid version 3
An issue in HotelDruid version 3.0.7 and earlier allows users to set weak passwords due to the lack of enforcement of password strength policies.
Debian
CVE-2025-25749: hoteldruid - An issue in HotelDruid version 3.0.7 and earlier allows users to set weak passwo...
vendor_debian·2025·CVSS 7.1
CVE-2025-25749 [HIGH] CVE-2025-25749: hoteldruid - An issue in HotelDruid version 3.0.7 and earlier allows users to set weak passwo...
An issue in HotelDruid version 3.0.7 and earlier allows users to set weak passwords due to the lack of enforcement of password strength policies.
Scope: local
bookworm: open
bullseye: open
sid: resolved (fixed in 3.0.8-1)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-03-11: Published