Home

Description

The femanager extension through 8.2.1 for TYPO3 allows Insecure Direct Object Reference.

PUBLISHED Reserved 2025-05-17 | Published 2025-05-21 | Updated 2025-05-21 | Assigner mitre




MEDIUM: 5.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Problem types

CWE-425 Direct Request ('Forced Browsing')

Product status

Default status
unknown

5.5.0 (semver) before 5.5.5
affected

6.0.0 (semver) before 6.4.1
affected

7.0.0 (semver) before 7.4.2
affected

8.0.0 (semver) before 8.2.2
affected

References

typo3.org/security/advisory/typo3-ext-sa-2025-006

cve.org (CVE-2025-48202)

nvd.nist.gov (CVE-2025-48202)

Download JSON