CVE-2025-69634

Critical

Cross Site Request Forgery vulnerability in Dolibarr ERP & CRM v.22.0.9 allows a remote attacker to escalate privileges via the notes field…

mitre·CWE-284·Published 2026-02-12

CVSS

9.0

EPSS

0.00

KEV

Exploits

cve.orgen

297 chars

Cross Site Request Forgery vulnerability in Dolibarr ERP & CRM v.22.0.9 allows a remote attacker to escalate privileges via the notes field in perms.php NOTE: this is disputed by a third party who indicates that exploitation can only occur if an unprivileged user knows the token of an admin user.

NVDen

297 chars

NVDes

335 chars

Vulnerabilidad de Cross Site Request Forgery en Dolibarr ERP & CRM v.22.0.9 permite a un atacante remoto escalar privilegios a través del campo de notas en perms.PHP. NOTA: esto es disputado por un tercero quien indica que la explotación solo puede ocurrir si un usuario sin privilegios conoce el token de un usuario administrador.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	9.0	—	—	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
3.1	Primary	cve.org	9.0	—	—	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H