CVE Catalog

CVE-2025-68052

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.14%

4th percentile — higher than 4% of all known CVEs

Summary

The vulnerability allows an unauthenticated Cross-Site Request Forgery (CSRF) attack in Eagle Booking versions up to 1.3.4.3. An attacker can trick an administrator into performing unintended actions, such as changing settings or adding new users.

Risk Assessment

The risk involves potential takeover of an administrator account by sending a crafted request, which may lead to compromise of the booking system's integrity and confidentiality.

Recommendation

It is recommended to immediately update the Eagle Booking plugin to the latest version and implement CSRF protection mechanisms, such as anti-CSRF tokens and Origin header validation.

Original NVD description (English source)

Unauthenticated Cross Site Request Forgery (CSRF) in Eagle Booking <= 1.3.4.3 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS