CVE-2025-7900

Source
https://cve.org/CVERecord?id=CVE-2025-7900
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-7900.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-7900
Aliases
Published
2025-07-22T10:21:32.123Z
Modified
2026-07-15T01:49:16.733319571Z
Severity
  • 5.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N CVSS Calculator
Summary
Insecure Direct Object Reference in extension "femanager" (femanager)
Details

The femanager extension for TYPO3 allows Insecure Direct Object Reference resulting in unauthorized modification of userdata. This issue affects femanager version 6.4.1 and below, 7.0.0 to 7.5.2 and 8.0.0 to 8.3.0

Database specific
{
    "cna_assigner": "TYPO3",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/7xxx/CVE-2025-7900.json",
    "cwe_ids": [
        "CWE-639"
    ]
}
References

Affected packages

Git / github.com/in2code-de/femanager

Affected ranges

Type
GIT
Repo
https://github.com/in2code-de/femanager
Events
Introduced
Last affected
Introduced
Last affected
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "source": "AFFECTED_FIELD",
    "extracted_events": [
        {
            "introduced": "8.0.0"
        },
        {
            "last_affected": "8.3.0"
        },
        {
            "introduced": "7.0.0"
        },
        {
            "last_affected": "7.5.2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "6.4.1"
        }
    ]
}
Type
GIT
Repo
https://github.com/typo3/typo3
Events
Database specific
{
    "cpe": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
    "source": "CPE_RANGE",
    "extracted_events": [
        {
            "introduced": "8.0.0"
        },
        {
            "last_affected": "8.3.0"
        }
    ]
}

Affected versions

1.*
1.0.0
1.0.1
1.0.10
1.0.2
1.0.3
1.0.4
1.0.5
1.0.6
1.0.7
1.0.8
1.2.0
1.5.1
6.*
6.3.1
6.3.3
6.3.4
6.3.5
6.3.6
6.4.0
6.4.1
7.*
7.0.0
7.0.1
7.1.0
7.1.1
7.2.0
7.2.1
7.2.3
7.3.0
7.4.0
7.4.1
7.5.0
7.5.1
7.5.2
8.*
8.0.0
8.0.1
8.1.0
8.2.0
8.2.1
8.3.0
Other
TYPO3_8-0-0
TYPO3_8-1-0
TYPO3_8-2-0
TYPO3_8-3-0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-7900.json"