CVE-2025-40619— Improper access control vulnerability in Bookgy

EPSS 0.17% · P38 Updated Apr 30, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-40619

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Improper access control vulnerability in Bookgy

Source: NVD (National Vulnerability Database)

Vulnerability Description

Bookgy does not provide for proper authorisation control in multiple areas of the application. This deficiency could allow a malicious actor, without authentication, to reach private areas and/or areas intended for other roles.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

授权机制不正确

Source: NVD (National Vulnerability Database)

Vulnerability Title

Bookgy 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Bookgy是Bookgy公司的一个适用于所有类型中小型企业的在线预约管理和预订系统。 Bookgy存在安全漏洞，该漏洞源于授权控制不足，可能导致未经验证的用户访问私有区域。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Bookgy	Bookgy	all versions	-

II. Public POCs for CVE-2025-40619

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2025-40619

请登录查看更多情报信息。

Same Patch Batch · Bookgy · 2025-04-29 · 5 CVEs total

CVE-2025-40616		Reflected Cross-Site Scripting (XSS) vulnerability in Bookgy
CVE-2025-40615		Reflected Cross-Site Scripting (XSS) vulnerability in Bookgy
CVE-2025-40617		SQL injection vulnerability in Bookgy
CVE-2025-40618		SQL injection vulnerability in Bookgy

IV. Related Vulnerabilities

Same product: Bookgy

Same vendor: Bookgy

Same weakness: CWE-863

V. Comments for CVE-2025-40619

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2025-40619— Improper access control vulnerability in Bookgy

I. Basic Information for CVE-2025-40619

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2025-40619

III. Intelligence Information for CVE-2025-40619

Same Patch Batch · Bookgy · 2025-04-29 · 5 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2025-40619

Leave a comment