Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-7900

The femanager extension for TYPO3 allows Insecure Direct Object Reference resulting in unauthorized modification of userdata. This issue affects femanager version 6.4.1 and below, 7.0.0 to 7.5.2 and 8.0.0 to 8.3.0

Published

2025-07-22T11:15:24.340

Last Modified

2025-10-07T20:32:46.950

Status

Analyzed

Source

f4fb688c-4412-4426-b4b8-421ecf27b14a

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses

Type: Secondary
CWE-639

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	typo3	typo3	≤ 6.4.1	Yes
Application	typo3	typo3	≤ 7.5.2	Yes
Application	typo3	typo3	≤ 8.3.0	Yes

References

https://typo3.org/security/advisory/typo3-ext-sa-2025-010 Vendor Advisory (f4fb688c-4412-4426-b4b8-421ecf27b14a)