CVE-2025-63561: n/a
Summer Pearl Group Vacation Rental Management Platform prior to 1.0.2 is susceptible to a Slowloris-style Denial-of-Service (DoS) condition in the HTTP connection handling layer, where an attacker that opens and maintains many slow or partially-completed HTTP connections can exhaust the server’s connection pool and worker capacity, preventing legitimate users and APIs from accessing the service.
AI Analysis
Technical Summary
CVE-2025-63561 identifies a vulnerability in the Summer Pearl Group Vacation Rental Management Platform prior to version 1.0.2, where the HTTP connection handling layer is susceptible to a Slowloris-style Denial-of-Service attack. Slowloris attacks work by opening many HTTP connections to the target server and sending partial HTTP requests very slowly, thereby keeping these connections open and consuming server resources such as connection pools and worker threads. This exhaustion prevents the server from accepting new legitimate connections, effectively causing a denial of service. The vulnerability does not affect confidentiality or integrity but severely impacts availability. The attack requires no authentication or user interaction and can be launched remotely, making it relatively easy to exploit. The CVSS 3.1 score of 7.5 reflects a high severity due to the potential for widespread service disruption. No patches or exploit code are currently publicly available, but the vendor has indicated that versions prior to 1.0.2 are affected, implying that version 1.0.2 or later likely contains a fix. The underlying weakness corresponds to CWE-400 (Uncontrolled Resource Consumption).
Potential Impact
For European organizations using the Summer Pearl Group Vacation Rental Management Platform, this vulnerability could lead to significant service outages, impacting customer experience and operational continuity. The DoS condition could disrupt booking processes, customer management, and API integrations critical to business operations. Given the tourism and hospitality sector's importance in many European economies, especially in countries with high volumes of vacation rentals such as Spain, Italy, France, and Greece, the impact could be economically significant. Additionally, prolonged downtime could damage brand reputation and lead to financial losses. The lack of confidentiality or integrity impact means data breaches are unlikely, but availability loss alone can have severe operational consequences.
Mitigation Recommendations
Organizations should prioritize upgrading the Summer Pearl Group Vacation Rental Management Platform to version 1.0.2 or later once available. In the interim, implementing network-level protections such as rate limiting on incoming HTTP connections can reduce the risk of resource exhaustion. Deploying web application firewalls (WAFs) or intrusion prevention systems (IPS) configured to detect and block Slowloris-style attacks is recommended. Monitoring server connection metrics and setting thresholds to alert on abnormal connection patterns can provide early warning. Additionally, configuring HTTP servers and load balancers to limit the number of simultaneous connections per client IP and to enforce timeouts on incomplete HTTP requests can mitigate exploitation. Network segmentation and redundancy can also help maintain service availability during an attack.
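The per-IP connection cap and the timeout on incomplete HTTP requests recommended above, modelled as policy logic in an added Python example (this is not code from the Summer Pearl Group platform or from this advisory). It assumes hypothetical limits (five connections per IP, a ten-second deadline for completing request headers, a thirty-second idle timeout) and a constructed scenario with one normal client and one client that holds connections open by trickling header fragments, the resource-exhaustion pattern described in the technical summary. It also shows why the timeout must be an absolute deadline on finishing the headers rather than only an idle timer, and exposes the share of open connections still waiting for headers as the kind of connection metric the alerting recommendation refers to.

```python
"""Defensive model of two interim mitigations for a Slowloris-style DoS:
a per-client-IP cap on simultaneous connections and a deadline for
completing HTTP request headers.  Pure policy logic, no sockets, so it
runs offline; all addresses, limits and timings below are constructed
for this example and are not taken from the affected product."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Conn:
    ip: str
    opened_at: float        # time the connection was accepted
    last_activity: float    # time of the last byte received
    headers_complete: bool = False


class ConnectionGuard:
    """Tracks open connections and enforces the limits (assumed values)."""

    def __init__(self, max_per_ip=5, header_deadline=10.0, idle_timeout=30.0):
        self.max_per_ip = max_per_ip
        self.header_deadline = header_deadline  # seconds from accept to full headers
        self.idle_timeout = idle_timeout        # seconds with no bytes at all
        self.conns = {}
        self.per_ip = defaultdict(int)
        self.rejected = defaultdict(int)        # accepts refused, per IP
        self._next = 0

    def accept(self, ip, now):
        """Admit a connection, or return None when the IP is already at its cap."""
        if self.per_ip[ip] >= self.max_per_ip:
            self.rejected[ip] += 1
            return None
        self._next += 1
        self.conns[self._next] = Conn(ip, now, now)
        self.per_ip[ip] += 1
        return self._next

    def on_bytes(self, cid, now, headers_complete=False):
        """Record that the client sent data (a trickled fragment or a full header block)."""
        c = self.conns[cid]
        c.last_activity = now
        c.headers_complete = c.headers_complete or headers_complete

    def close(self, cid):
        c = self.conns.pop(cid)
        self.per_ip[c.ip] -= 1

    def reap(self, now):
        """Close stuck connections; returns {conn_id: reason}.

        An idle-only timer is reset by every trickled byte, so the header
        deadline is measured from accept time, not from last activity."""
        stuck = {}
        for cid, c in list(self.conns.items()):
            if now - c.last_activity > self.idle_timeout:
                stuck[cid] = "idle"
            elif not c.headers_complete and now - c.opened_at > self.header_deadline:
                stuck[cid] = "header-deadline"
        for cid in stuck:
            self.close(cid)
        return stuck

    def stuck_ratio(self):
        """Fraction of open connections still waiting for headers (alerting metric)."""
        if not self.conns:
            return 0.0
        waiting = sum(1 for c in self.conns.values() if not c.headers_complete)
        return waiting / len(self.conns)


def simulate(max_per_ip=5, header_deadline=10.0, idle_timeout=30.0):
    """Constructed scenario: one normal client, one client that opens many
    connections and sends a header fragment every 5 seconds to keep them open."""
    g = ConnectionGuard(max_per_ip, header_deadline, idle_timeout)
    # t=0: the normal client opens one connection and completes its headers at once
    good = g.accept("198.51.100.7", 0.0)
    g.on_bytes(good, 0.1, headers_complete=True)
    # t=0: the slow client attempts 8 connections; only max_per_ip are admitted
    slow = [cid for cid in (g.accept("203.0.113.9", 0.0) for _ in range(8)) if cid]
    # the admitted connections trickle a fragment every 5 s, never finishing headers
    for t in (5.0, 10.0, 15.0):
        for cid in slow:
            g.on_bytes(cid, t)
    ratio_before = g.stuck_ratio()
    reaped = g.reap(16.0)
    return {
        "admitted_slow": len(slow),
        "rejected_slow": g.rejected["203.0.113.9"],
        "stuck_ratio_before_reap": ratio_before,
        "reaped_by_deadline": sorted(c for c, why in reaped.items() if why == "header-deadline"),
        "reaped_by_idle": sorted(c for c, why in reaped.items() if why == "idle"),
        "good_still_open": good in g.conns,
    }


if __name__ == "__main__":
    print(simulate())                              # deadline in force: slow conns reaped
    print(simulate(header_deadline=float("inf")))  # idle timer only: nothing reaped
```

Running the file prints the two scenario summaries. With the header deadline in force the five admitted slow connections are closed at t=16 while the normal client's connection survives, and three further accepts from the same IP are refused by the cap; with only an idle timeout the trickled fragments keep every slow connection alive, which is the configuration gap the timeout recommendation above is meant to close.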
Affected Countries
Spain, Italy, France, Greece, Germany, United Kingdom, Netherlands
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2025-10-27T00:00:00.000Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 6905184f30c0d02a22fffc74
Added to database: 10/31/2025, 8:13:03 PM
Last enriched: 10/31/2025, 8:13:22 PM
Last updated: 11/1/2025, 1:23:45 PM