CVE-2025-7899

EPSS 0.27%

Powermail extension for TYPO3 allows Insecure Direct Object Reference

發布日:2025/7/22修改日:2025/7/22

描述

The powermail extension for TYPO3 allows Insecure Direct Object Reference resulting in download of arbitrary files from the webserver. This issue affects powermail version 12.0.0 up to 12.5.2 and version 13.0.0.

受影響套件(1)

Packagist/in2code/powermail>= 12.0.0, < 12.5.3

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 4.0	—	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

參考連結(4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2025-7899
PATCHhttps://github.com/in2code-de/powermail
WEBhttps://github.com/in2code-de/powermail/commit/b39e129c5e2a797f0ccf271fea220c7933ca77bc
WEBhttps://typo3.org/security/advisory/typo3-ext-sa-2025-009