Browse all 5 CVE security advisories affecting rommapp. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Rommapp serves as a room management and booking system for hotels and similar accommodations. Historically, the application has been vulnerable to multiple security issues including remote code execution, cross-site scripting, and privilege escalation vulnerabilities. These weaknesses often stem from insufficient input validation and improper access controls. While no major public security incidents have been widely documented, the presence of five CVEs indicates ongoing security concerns. The application's web interface and API endpoints have been particularly susceptible to injection attacks and authentication bypasses, potentially allowing unauthorized access to sensitive guest data and system controls.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-65097 | Insecure Direct Object Reference (IDOR) Allows Unauthorized Deletion of User Collections (romm, CWE-284) | 6.5 (AI) | Medium (AI) | 2025-12-03 |
| CVE-2025-65096 | RomM Insecure Direct Object Reference (IDOR) Allows Unauthorized Access to Private Collections (romm, CWE-284) | 6.5 (AI) | Medium (AI) | 2025-12-03 |
| CVE-2025-65027 | RomM Chained XSS and CSRF Vulnerabilities Enable Admin Account Takeover (romm, CWE-79) | 7.6 | High | 2025-12-03 |
| CVE-2025-54071 | RomM's authenticated arbitrary file write vulnerability can lead to Remote Code Execution (romm, CWE-434) | 8.8 | - | 2025-07-21 |
| CVE-2025-53908 | RomM vulnerable to Authenticated Path Traversal (romm, CWE-26) | 6.5 (AI) | Medium (AI) | 2025-07-16 |
This page lists every published CVE security advisory associated with rommapp. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.