CVE-2025-40619 Information

Description

Bookgy does not provide for proper authorisation control in multiple areas of the application. This deficiency could allow a malicious actor without authentication to reach private areas and/or areas intended for other roles.

Reference

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-bookgy