HotelDruid 3.0.7 weak password flaw (CVE-2025-25749) allows short, common, and reused passwords, exposing accounts to brute force.

Multiple security vulnerabilities have been identified in HotelDruid 3.0.7, including Reflected Cross-Site Scripting (CVE-2025-25747), Cross