CVE-2025-7900

MEDIUM

TYPO3 femanager <6.4.1, 7.0.0-7.5.2, 8.0.0-8.3.0 - Info Disclosure

Title source: llm

Description

The femanager extension for TYPO3 allows Insecure Direct Object Reference resulting in unauthorized modification of userdata. This issue affects femanager version 6.4.1 and below, 7.0.0 to 7.5.2 and 8.0.0 to 8.3.0

References (1)

[Vendor Advisory] https://typo3.org/security/advisory/typo3-ext-sa-2025-010

Scores

CVSS v3 6.5

EPSS 0.0004

EPSS Percentile 13.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Classification

CWE

CWE-639

Status published

Affected Products (2)

typo3/typo3 < 6.4.1

in2code/femanager < 6.4.2Packagist

Timeline

Published Jul 22, 2025

Tracked Since Feb 18, 2026