CVE-2025-7900

EPSS 0.20%

Femanager extension for TYPO3 allows Insecure Direct Object Reference

Published: 7/22/2025Modified: 7/22/2025

Description

The femanager extension for TYPO3 allows Insecure Direct Object Reference resulting in unauthorized modification of userdata. This issue affects femanager version 6.4.1 and below, 7.0.0 to 7.5.2 and 8.0.0 to 8.3.0.

Affected packages (1)

Packagist/in2code/femanagerfrom 0, < 6.4.2

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 4.0	—	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

References (4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2025-7900
PATCHhttps://github.com/in2code-de/femanager
WEBhttps://github.com/in2code-de/femanager/commit/9bd9fbded4cf31f69bfe03c55d406e79050f8069
WEBhttps://typo3.org/security/advisory/typo3-ext-sa-2025-010