CVE-2025-7900

Summary

The femanager extension for TYPO3 allows Insecure Direct Object Reference resulting in unauthorized modification of userdata. This issue affects femanager version 6.4.1 and below, 7.0.0 to 7.5.2 and 8.0.0 to 8.3.0

Affected Software

VendorProductVersion RangeStatus
TYPO3Extension “femanager”8.0.0 <= 8.3.0affected
TYPO3Extension “femanager”7.0.0 <= 7.5.2affected
TYPO3Extension “femanager”0 <= 6.4.1affected

Weaknesses

  • CWE-639: CWE-639 Authorization Bypass Through User-Controlled Key

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References