LeakyCreds

CVE-2025-69634 - Vulnerability Analysis

Critical | CVSS: 9.0

Last Updated: February 14, 2026

Dolibarr ERP & CRM - Cross Site Request Forgery

Published: February 12, 2026 | Updated: February 14, 2026 | Remote Exploitable

Overview

Dolibarr ERP & CRM v.22.0.9 contains a cross-site request forgery (CSRF) vulnerability caused by insufficient request validation in the notes field of perms.php, letting remote attackers escalate privileges.

Severity & Score

Severity: Critical
CVSS Score: 9.0
EPSS Score: 4.6% (probability of exploitation in the next 30 days)

Impact

Remote attackers can escalate their privileges, potentially gaining unauthorized access or control.

Mitigation

Update to the latest version.

Social Media Activity (1 post)

TheHackerWire
@thehackerwire
Feb 12, 2026

🔓 CVE-2025-69634 - Critical (9) Cross Site Request Forgery vulnerability in Dolibarr ERP & CRM v.22.0.9 allows a remote attacker to escalate privileges via the notes field in perms.php 🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-69634/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack


Details

CVE ID: CVE-2025-69634
Severity: Critical
CVSS Score: 9.0
Type: cross_site_request_forgery
Status: unconfirmed
EPSS: 4.6%
Social Posts: 1

CWE

  • CWE-284

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

EPSS Score

4.6% (probability of exploitation in the next 30 days)