Skip to main content

CVE-2025-30956: CWE-352 Cross-Site Request Forgery (CSRF) in Booqable Rental Software Booqable Rental

Medium
VulnerabilityCVE-2025-30956cvecve-2025-30956cwe-352
Published: Fri Jun 06 2025 (06/06/2025, 12:54:09 UTC)
Source: CVE Database V5
Vendor/Project: Booqable Rental Software
Product: Booqable Rental

Description

Cross-Site Request Forgery (CSRF) vulnerability in Booqable Rental Software Booqable Rental allows Cross Site Request Forgery. This issue affects Booqable Rental: from n/a through 2.4.20.

AI-Powered Analysis

AILast updated: 07/08/2025, 03:41:24 UTC

Technical Analysis

CVE-2025-30956 is a Cross-Site Request Forgery (CSRF) vulnerability identified in Booqable Rental Software, specifically affecting versions up to 2.4.20. CSRF vulnerabilities occur when an attacker tricks an authenticated user into submitting a malicious request to a web application in which they are currently authenticated. This vulnerability allows an attacker to perform unauthorized actions on behalf of the user without their consent, exploiting the trust a web application places in the user's browser. In this case, the vulnerability affects Booqable Rental, a software solution used for managing rental operations. The CVSS 3.1 base score is 4.3, indicating a medium severity level. The vector string (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N) shows that the attack can be launched remotely over the network without any privileges or authentication, but requires user interaction (such as clicking a malicious link). The impact is limited to integrity, with no confidentiality or availability impact. There are no known exploits in the wild at this time, and no patches have been linked yet. The vulnerability is categorized under CWE-352, which is a common web security weakness related to CSRF attacks. The lack of authentication or privileges required to exploit this vulnerability increases the risk, especially in environments where users have elevated permissions within the Booqable Rental application. Attackers could potentially manipulate rental data or transactions by tricking users into executing unintended commands.

Potential Impact

For European organizations using Booqable Rental Software, this vulnerability could lead to unauthorized modification of rental records or transactions, potentially causing financial discrepancies, operational disruptions, or reputational damage. Since the vulnerability requires user interaction, phishing or social engineering campaigns could be used to exploit it. Organizations with high transaction volumes or critical rental operations may face increased risks. The integrity compromise could affect billing accuracy, inventory management, or contractual agreements. While confidentiality and availability are not impacted, the trustworthiness of data and system operations could be undermined. This is particularly relevant for sectors such as equipment rental, event management, or logistics companies operating in Europe that rely on Booqable Rental for their business processes. Regulatory compliance considerations, such as GDPR, may also be implicated if data integrity issues lead to broader data management failures.

Mitigation Recommendations

Given the absence of an official patch, European organizations should implement immediate compensating controls. These include enabling anti-CSRF tokens or mechanisms if supported by the software, or deploying web application firewalls (WAFs) with rules to detect and block CSRF attack patterns targeting Booqable Rental endpoints. Organizations should also enforce strict user education and awareness programs to reduce the risk of phishing and social engineering attacks that could trigger CSRF exploits. Network segmentation and limiting access to the Booqable Rental application to trusted networks can reduce exposure. Monitoring and logging user actions within the application can help detect suspicious activities indicative of CSRF exploitation. Once a patch becomes available, prompt application of updates is critical. Additionally, reviewing and tightening session management, such as implementing SameSite cookie attributes and validating HTTP Referer headers, can further mitigate CSRF risks.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
Patchstack
Date Reserved
2025-03-26T09:22:20.465Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 6842eddd71f4d251b5c88009

Added to database: 6/6/2025, 1:32:13 PM

Last enriched: 7/8/2025, 3:41:24 AM

Last updated: 8/14/2025, 8:47:36 AM

Views: 16

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats