CVE-2025-7900

The femanager extension for TYPO3 allows Insecure Direct Object Reference resulting in unauthorized modification of userdata. This issue affects femanager version 6.4.1 and below, 7.0.0 to 7.5.2 and 8.0.0 to 8.3.0
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
TYPO3CNA
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 15%
VendorProductVersion
typo3typo3
𝑥
≤ 6.4.1
typo3typo3
7.0.0 ≤
𝑥
≤ 7.5.2
typo3typo3
8.0.0 ≤
𝑥
≤ 8.3.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://typo3.org/security/advisory/typo3-ext-sa-2025-010