Base Score

HIGH7.1

CVE-2025-25749

An issue in HotelDruid version 3.0.7 and earlier allows users to set weak passwords due to the lack of enforcement of password strength policies.

VectorNETWORK

Published Bycve@mitre.org

Published DateMar 11, 2025, 18:15

Weakness Type (CWE):CWE-521

CVSS Metrics

Base Score

7.1

Vector String

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

HIGH

Privileges Required (PR)

LOW

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

LOW

References

https://www.huyvo.net/post/cve-2025-25749-weak-password-policy-in-hoteldruid-3-0-7

Base Score

HIGH7.1

Weakness Type (CWE):CWE-521

CVSS Metrics

Base Score

7.1

Vector String

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

HIGH

Privileges Required (PR)

LOW

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

LOW