# CVE-2025-29448 # Description booking logic flaw in Easy!Appointments v1.5.1 allows unauthenticated attackers to create appointments with excessively long durations, causing a denial of service by blocking all future booking availability. # Steps to Reproduce 1. Intercept an appointment booking request. 2. Locate the `post_data[appointment][end_datetime]` parameter in the request body. 3. Modify the parameter value to a date far in the future and send the request. 4. The application accepts the long booking, blocking all future availability and causing a denial of service. # Fixed in Commit https://github.com/alextselegidis/easyappointments/commit/74633b60f28bdef3cc9f905c0599cef121fee32b