CVE-2025-7900

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-7900

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-7900.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-7900

Aliases

GHSA-rc5f-3hfv-jxp2

Published

2025-07-22T11:15:24.340Z

Modified

2026-04-10T05:36:02.600068Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

The femanager extension for TYPO3 allows Insecure Direct Object Reference resulting in unauthorized modification of userdata. This issue affects femanager version 6.4.1 and below, 7.0.0 to 7.5.2 and 8.0.0 to 8.3.0

References

https://typo3.org/security/advisory/typo3-ext-sa-2025-010

Affected packages

Git / github.com/typo3/typo3.cms

Affected ranges

Type

GIT

Repo

https://github.com/typo3/typo3.cms

Events

Introduced

a9a68ed6a41c86e6d46629c15ca4bdffe85344f1

Last affected

ce3a12b18327f3fa232fa00e94f7c6fd57b55743

Database specific

{
    "versions": [
        {
            "introduced": "8.0.0"
        },
        {
            "last_affected": "8.3.0"
        }
    ]
}

Affected versions

8.*

8.0.0

8.1.0

8.2.0

8.3.0

Other

TYPO3_8-0-0

TYPO3_8-1-0

TYPO3_8-2-0

TYPO3_8-3-0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-7900.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "6.4.1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "7.0.0"
            },
            {
                "last_affected": "7.5.2"
            }
        ]
    }
]