What is the severity of CVE-2025-40619?

CVE-2025-40619 is considered a high severity vulnerability due to its potential for unauthorized access to private areas of the application.

How do I fix CVE-2025-40619?

To fix CVE-2025-40619, implement proper authorization controls to ensure that users can only access areas appropriate to their roles.

What areas of the application are affected by CVE-2025-40619?

CVE-2025-40619 affects multiple areas within the Bookgy application where authorization controls are insufficient.

Who is impacted by CVE-2025-40619?

Any user of the Bookgy application could be impacted by CVE-2025-40619 if unauthorized access to sensitive information occurs.

Is authentication required to exploit CVE-2025-40619?

No, CVE-2025-40619 can be exploited without authentication, allowing malicious actors to access restricted areas.

Vulnerability/
CVE-2025-40619

critical

9.3

CWE

863

EPSS

0.050%

29/4/2025

CVE-2025-40619: Improper access control vulnerability in Bookgy

First published: Tue Apr 29 2025(Updated: )

Bookgy does not provide for proper authorisation control in multiple areas of the application. This deficiency could allow a malicious actor, without authentication, to reach private areas and/or areas intended for other roles.

Credit: cve-coordination@incibe.es

Affected Software	Affected Version	How to fix
Bookgy

Remedy

The vulnerability has been fixed by the Bookgy team in October 2024 and are no longer exploitable today.

Never miss a vulnerability like this again

Reference Links

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-bookgy

Frequently Asked Questions

What is the severity of CVE-2025-40619?
CVE-2025-40619 is considered a high severity vulnerability due to its potential for unauthorized access to private areas of the application.
How do I fix CVE-2025-40619?
To fix CVE-2025-40619, implement proper authorization controls to ensure that users can only access areas appropriate to their roles.
What areas of the application are affected by CVE-2025-40619?
CVE-2025-40619 affects multiple areas within the Bookgy application where authorization controls are insufficient.
Who is impacted by CVE-2025-40619?
Any user of the Bookgy application could be impacted by CVE-2025-40619 if unauthorized access to sensitive information occurs.
Is authentication required to exploit CVE-2025-40619?
No, CVE-2025-40619 can be exploited without authentication, allowing malicious actors to access restricted areas.

collector/mitre-cve
source/MITRE
agent/title
agent/weakness
agent/remedy
agent/references
agent/type
agent/first-publish-date
agent/description
agent/guess-ai
agent/software-canonical-lookup
agent/softwarecombine
collector/nvd-api
source/NVD
agent/last-modified-date
agent/author
agent/severity
agent/event
collector/epss-latest
source/FIRST
agent/source
agent/tags
agent/epss
vendor/bookgy
canonical/bookgy

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.