UBUNTU-CVE-2025-44203
HotelDruid versions 3.0.0 and 3.0.7 contain a race condition vulnerability in the unauthenticated database setup endpoint creadb.php. This endpoint can be accessed before setup completion and allows concurrent requests to trigger verbose SQL error messages that disclose administrator credentials. The race condition also causes partial setup initialization, preventing administrator login and resulting in a denial of service requiring reinstallation. Remote exploitation requires the installation to permit non-localhost access. The issue was fixed in version 3.0.8.
AI Analysis
Technical Summary
In HotelDruid 3.0.0 and 3.0.7, the unauthenticated endpoint creadb.php used during database setup can be accessed before setup completion. By sending many concurrent requests, an attacker can trigger a race condition that causes verbose SQL error messages to leak the administrator username, password hash, and salt. Additionally, the race condition leaves the setup partially initialized, causing a denial of service by preventing administrator login with the installation credentials. Remote exploitation requires that the installation allows access from non-localhost sources. This vulnerability was fixed in version 3.0.8.
Potential Impact
The vulnerability allows an unauthenticated attacker to obtain sensitive administrator credentials through SQL error message disclosure. It also causes a denial of service by corrupting the setup state, preventing administrator login and requiring reinstallation to recover. Remote exploitation is limited to installations allowing non-localhost access. There are no known exploits in the wild.
Mitigation Recommendations
Upgrade HotelDruid to version 3.0.8 or later, where this vulnerability is fixed. Until then, restrict access to the setup endpoint to localhost only and avoid exposing the setup interface remotely. Patch status is confirmed fixed in 3.0.8.
UBUNTU-CVE-2025-44203
Description
HotelDruid versions 3.0.0 and 3.0.7 contain a race condition vulnerability in the unauthenticated database setup endpoint creadb.php. This endpoint can be accessed before setup completion and allows concurrent requests to trigger verbose SQL error messages that disclose administrator credentials. The race condition also causes partial setup initialization, preventing administrator login and resulting in a denial of service requiring reinstallation. Remote exploitation requires the installation to permit non-localhost access. The issue was fixed in version 3.0.8.
CVSS v3.1
Affected software
pkg:deb/ubuntu/[email protected]?arch=source&distro=xenialpkg:deb/ubuntu/[email protected]?arch=source&distro=bionicpkg:deb/ubuntu/[email protected]?arch=source&distro=focalpkg:deb/ubuntu/[email protected]?arch=source&distro=jammypkg:deb/ubuntu/[email protected]?arch=source&distro=nobleRun on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
In HotelDruid 3.0.0 and 3.0.7, the unauthenticated endpoint creadb.php used during database setup can be accessed before setup completion. By sending many concurrent requests, an attacker can trigger a race condition that causes verbose SQL error messages to leak the administrator username, password hash, and salt. Additionally, the race condition leaves the setup partially initialized, causing a denial of service by preventing administrator login with the installation credentials. Remote exploitation requires that the installation allows access from non-localhost sources. This vulnerability was fixed in version 3.0.8.
Potential Impact
The vulnerability allows an unauthenticated attacker to obtain sensitive administrator credentials through SQL error message disclosure. It also causes a denial of service by corrupting the setup state, preventing administrator login and requiring reinstallation to recover. Remote exploitation is limited to installations allowing non-localhost access. There are no known exploits in the wild.
Mitigation Recommendations
Upgrade HotelDruid to version 3.0.8 or later, where this vulnerability is fixed. Until then, restrict access to the setup endpoint to localhost only and avoid exposing the setup interface remotely. Patch status is confirmed fixed in 3.0.8.
Technical Details
- Gcve Source
- db.gcve.eu
- Osv Id
- UBUNTU-CVE-2025-44203
- Osv Schema Version
- 1.7.0
- Aliases
- []
- Ecosystems
- ["Ubuntu:16.04:LTS","Ubuntu:18.04:LTS","Ubuntu:20.04:LTS","Ubuntu:22.04:LTS","Ubuntu:24.04:LTS","Ubuntu:25.10"]
- Database Specific Severity
- null
- Cvss Version
- 3.1
Threat ID: 6a58b50768715ace43db2961
Added to database: 07/16/2026, 10:40:07 UTC
Last enriched: 07/16/2026, 14:16:12 UTC
Last updated: 07/16/2026, 14:16:12 UTC
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.