CVE-2025-69634
📋 TL;DR
A Cross-Site Request Forgery (CSRF) vulnerability in Dolibarr ERP & CRM v22.0.9 allows remote attackers to escalate privileges by exploiting the notes field in perms.php. This affects all users running the vulnerable version, potentially enabling unauthorized administrative access.
💻 Affected Systems
- Dolibarr ERP & CRM
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers gain full administrative control over the Dolibarr instance, allowing data theft, system compromise, and further exploitation of the network.
Likely Case
Privilege escalation leading to unauthorized access to sensitive business data and system functions.
If Mitigated
Limited impact with proper CSRF protections and access controls in place.
🎯 Exploit Status
Exploitation requires the victim to be authenticated and visit a malicious page.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: v22.0.10 or later
Vendor Advisory: https://github.com/Dolibarr/dolibarr/releases
Restart Required: No
Instructions:
1. Backup your Dolibarr instance.
2. Update to Dolibarr v22.0.10 or later via the official repository or download.
3. Verify the update applied correctly.
🔧 Temporary Workarounds
Implement CSRF Tokens
Add CSRF protection to the perms.php endpoint manually.
Modify perms.php to include CSRF token validation. Refer to Dolibarr documentation for implementation details.
Restrict Access
Limit access to perms.php to trusted IP addresses only.
Add IP-based restrictions in your web server configuration (e.g., Apache .htaccess or Nginx config).
🧯 If You Can't Patch
- Implement strict access controls and monitor for unauthorized privilege changes.
- Use web application firewalls (WAF) to block CSRF attempts and restrict administrative interfaces.
🔍 How to Verify
Check if Vulnerable:
Check if running Dolibarr v22.0.9 by reviewing the version in the admin panel or configuration files.
Check Version:
Check the Dolibarr admin dashboard or inspect the main.inc.php file for version details.
Verify Fix Applied:
Confirm the version is updated to v22.0.10 or later and test CSRF protection on perms.php.
📡 Detection & Monitoring
Log Indicators:
- Unusual privilege escalation events in Dolibarr logs
- Multiple failed or unexpected access attempts to perms.php
Network Indicators:
- Suspicious HTTP POST requests to perms.php from untrusted sources
SIEM Query:
Search for HTTP requests to 'perms.php' with parameters indicating privilege changes from non-admin users.
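The log and network indicators above can be turned into a concrete check: a CSRF lure drives the victim's browser to perms.php from a page the attacker controls, so the request's Referer is either a foreign origin or absent. The script below is an added example, not code from the advisory or the Dolibarr project; it parses constructed Apache combined-format log lines and flags state-changing requests to perms.php whose Referer is not the instance's own host. It goes slightly beyond the page's POST indicator by also flagging GETs that carry an `action=` parameter, on the assumption that such requests may change state; the `/dolibarr/user/` path prefix and the `action=CHANGE` value are placeholders.

```python
import re
from urllib.parse import urlsplit

# Constructed sample log lines (Apache combined format); not taken from any real instance.
SAMPLE_LOG = """\
10.0.0.5 - alice [12/Jan/2025:10:01:02 +0000] "POST /dolibarr/user/perms.php HTTP/1.1" 200 512 "https://erp.example.com/dolibarr/user/perms.php?id=3" "Mozilla/5.0"
10.0.0.5 - alice [12/Jan/2025:10:02:10 +0000] "POST /dolibarr/user/perms.php HTTP/1.1" 302 0 "https://attacker.example.net/lure.html" "Mozilla/5.0"
10.0.0.5 - alice [12/Jan/2025:10:03:44 +0000] "POST /dolibarr/user/perms.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
10.0.0.7 - bob [12/Jan/2025:10:04:00 +0000] "GET /dolibarr/user/perms.php?id=3 HTTP/1.1" 200 4096 "https://attacker.example.net/lure.html" "Mozilla/5.0"
10.0.0.7 - bob [12/Jan/2025:10:05:00 +0000] "GET /dolibarr/user/perms.php?id=3&action=CHANGE HTTP/1.1" 302 0 "https://attacker.example.net/lure.html" "Mozilla/5.0"
"""

# One combined-format line: client, ident, user, timestamp, request, status, size, referer, user agent.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)


def flag_cross_site_perms_requests(log_text, own_host):
    """Return (user, ip, timestamp, referer) for every state-changing request to
    perms.php whose Referer is absent ("-") or points at a host other than own_host.
    A missing Referer is flagged as well: a lure page can suppress it, and an
    origin check that treats "unknown" as trusted gives no protection."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        path, _, query = m["path"].partition("?")
        if not path.endswith("/perms.php"):
            continue
        # Assumption: POSTs and GETs carrying an action parameter may change rights.
        state_changing = m["method"] == "POST" or "action=" in query
        if not state_changing:
            continue
        ref_host = None if m["referer"] == "-" else urlsplit(m["referer"]).hostname
        if ref_host != own_host:
            hits.append((m["user"], m["ip"], m["ts"], m["referer"]))
    return hits


if __name__ == "__main__":
    for hit in flag_cross_site_perms_requests(SAMPLE_LOG, "erp.example.com"):
        print("cross-site perms.php request:", hit)
```

Same-origin POSTs from the Dolibarr UI itself are not reported, so the remaining hits are the ones worth correlating with rights changes in Dolibarr's own logs.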