CVE-2025-5185
Description
A CSRF vulnerability in Summer Pearl Vacation Rental Management Platform up to 1.0.1 allows remote attacks; upgrade to 1.0.2 to fix.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability Description
A cross-site request forgery (CSRF) vulnerability exists in Summer Pearl Group's Vacation Rental Management Platform, affecting versions up to and including 1.0.1. The exact functionality impacted is unspecified, but the issue stems from insufficient or missing anti-CSRF protections. This class of vulnerability allows an attacker to trick an authenticated user into executing unintended actions within the application, such as modifying settings or making data changes, without the user's consent.
Exploitation Conditions
Exploitation is possible remotely, meaning an attacker can craft a link or script that, when visited by a logged-in user, performs actions on their behalf. No special network access beyond standard web delivery is required, and the attack leverages the victim's browser session. The victim must be authenticated to the platform when the forged request is triggered.
Impact
Successful exploitation enables the attacker to perform state-changing operations on behalf of the victim, potentially including modifying booking data, changing user permissions, or other administrative functions. This could lead to unauthorized changes and degrade the integrity and trustworthiness of the rental management system.
Mitigation
The vendor has addressed the vulnerability with the release of version 1.0.2, and upgrading is recommended [1]. Users should apply this update to prevent exploitation. No workarounds or alternative mitigations are detailed by the vendor.
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (1)
- Range: <1.0.2
Patches (0)
No patches discovered yet.
References (3)
News mentions (0)
No linked articles in our index yet.