CVE-2025-29448

Booking logic flaw in Easy!Appointments v1.5.1 allows unauthenticated attackers to create appointments with excessively long durations, causing a denial of service by blocking all future booking availability.

Published: May 7, 2025
Updated: Aug 11, 2025
CVE: CVE-2025-29448
GHSA: GHSA-hcjv-982c-5f29
Severity: Medium
Exploit:

No technical information available.

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
alextselegidis / easyappointments	-	1.5.1.x
easyappointments / easy!appointments	1.5.1	1.5.1.x

https://github.com/Abdullah4eb/CVE-2025-29448
https://github.com/alextselegidis/easyappointments/commit/74633b60f28bdef3cc9f905c0599cef121fee32b

Vulnerability Database

CVE-2025-29448