Description

The femanager extension for TYPO3 allows an Insecure Direct Object Reference, resulting in unauthorized modification of user data. This issue affects femanager versions 6.4.1 and below, 7.0.0 to 7.5.2, and 8.0.0 to 8.3.0.

PUBLISHED Reserved 2025-07-19 | Published 2025-07-22 | Updated 2025-07-22 | Assigner TYPO3




MEDIUM: 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-639 Authorization Bypass Through User-Controlled Key

Product status

Default status: unaffected

8.0.0 (semver): affected

7.0.0 (semver): affected

Any version: affected

Credits

Alexander Freundlieb (reporter)

References

typo3.org/security/advisory/typo3-ext-sa-2025-010

cve.org (CVE-2025-7900)

nvd.nist.gov (CVE-2025-7900)