CVE-2025-69634: n/a
Cross Site Request Forgery vulnerability in Dolibarr ERP & CRM v.22.0.9 allows a remote attacker to escalate privileges via the notes field in perms.php
AI Analysis
Technical Summary
CVE-2025-69634 is a Cross Site Request Forgery (CSRF) vulnerability identified in Dolibarr ERP & CRM version 22.0.9. The vulnerability resides in the perms.php script, specifically in the notes field, which a remote attacker can manipulate to escalate privileges without having to authenticate to the application themselves. CSRF attacks exploit the trust a web application places in a user's browser by tricking the victim into submitting unauthorized requests. In this case, an attacker could craft a malicious web page or link that, when visited by an authenticated user, causes the victim's browser to send a forged request to perms.php, modifying permissions or escalating privileges. This could allow the attacker to gain administrative rights or other elevated access within the Dolibarr system. The vulnerability is particularly dangerous because it rides on the victim's existing session and does not require the attacker to hold any access credentials. Although no known exploits are currently reported in the wild, the vulnerability's presence in a widely used ERP and CRM platform makes it a significant risk. No CVSS score has been assigned yet, and no official patches are currently linked, so organizations should monitor for updates and apply mitigations proactively.
Potential Impact
For European organizations, the impact of this vulnerability could be substantial. Dolibarr ERP & CRM is used by many small to medium enterprises across Europe to manage critical business functions such as customer relationship management, invoicing, and project management. Unauthorized privilege escalation could lead to unauthorized access to sensitive business data, manipulation of financial records, disruption of business operations, and potential compliance violations under regulations like GDPR. Attackers gaining administrative control could also implant further malware or backdoors, leading to extended compromise. The lack of authentication requirement and the ability to exploit via CSRF increase the attack surface, especially in environments where users access Dolibarr through web browsers without additional security controls. This could result in significant operational and reputational damage to affected organizations.
Mitigation Recommendations
Organizations should immediately review access controls to perms.php and restrict access to trusted users only. Implementing anti-CSRF tokens and verifying the origin of requests in Dolibarr can prevent unauthorized requests from being processed. Network segmentation and web application firewalls (WAFs) can be configured to detect and block suspicious CSRF attempts targeting perms.php. Users should be educated about the risks of clicking on untrusted links or visiting suspicious websites while authenticated to Dolibarr. Monitoring logs for unusual permission changes or access patterns can help detect exploitation attempts early. Since no official patch is currently available, organizations should follow Dolibarr’s security advisories closely and apply updates promptly once released. Additionally, enforcing multi-factor authentication (MFA) for administrative access can reduce the risk of privilege escalation.
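As an added defender-side example (not code from Dolibarr or from this advisory), the following Python function shows the two checks the mitigation section recommends for requests to perms.php: comparing the request's Origin (or, failing that, Referer) to the site's own origin, and validating a per-session anti-CSRF token with a constant-time comparison. The site origin, the `token` and `action` parameter names, and the `/user/perms.php` path are assumptions made for the example.

```python
import hmac
from urllib.parse import urlsplit

# Assumed origin of the Dolibarr deployment (constructed for this example).
SITE_ORIGIN = "https://erp.example.internal"


def _request_origin(headers):
    """Return scheme://host[:port] from the Origin header, else from Referer, else None."""
    origin = headers.get("Origin")
    if origin:
        return origin.rstrip("/")
    referer = headers.get("Referer")
    if referer:
        parts = urlsplit(referer)
        if parts.scheme and parts.netloc:
            return f"{parts.scheme}://{parts.netloc}"
    return None


def csrf_guard(method, path, headers, params, session_token, site_origin=SITE_ORIGIN):
    """Decide whether a request to perms.php may proceed.

    Returns None when the request is allowed, otherwise a short rejection reason.
    Only perms.php is guarded here; a real deployment would apply the same checks
    to every state-changing script.
    """
    if not path.endswith("perms.php"):
        return None
    # Assumption: POST requests and any GET carrying an "action" parameter change
    # state; a plain GET that only displays the page is left alone.
    state_changing = method.upper() != "GET" or "action" in params
    if not state_changing:
        return None
    # Check 1: the request must come from the application's own origin.
    # A browser sends no Origin/Referer for some cross-site navigations, so a
    # missing header is treated as a rejection rather than a pass.
    sent_origin = _request_origin(headers)
    if sent_origin is None:
        return "missing Origin/Referer on state-changing request"
    if sent_origin.lower() != site_origin.lower():
        return f"cross-site request from {sent_origin}"
    # Check 2: the anti-CSRF token in the request must match the session's token.
    token = params.get("token", "")
    if not session_token or not token or not hmac.compare_digest(token, session_token):
        return "anti-CSRF token missing or mismatched"
    return None
```

The rejection reason is meant to be written to the application log so that blocked attempts against perms.php show up alongside the permission-change monitoring the advisory recommends.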
Affected Countries
France, Germany, Spain, Italy, United Kingdom, Netherlands, Belgium
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2026-01-09T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 698df2f6c9e1ff5ad8e60c1a
Added to database: 2/12/2026, 3:34:14 PM
Last enriched: 2/12/2026, 3:48:47 PM
Last updated: 2/12/2026, 5:52:04 PM