CVE-2025-7900
BaseFortify
Publication date: 2025-07-22
Last updated on: 2025-10-07
Assigner: TYPO3
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| typo3 | typo3 | to 6.4.1 (inc) |
| typo3 | typo3 | From 7.0.0 (inc) to 7.5.2 (inc) |
| typo3 | typo3 | From 8.0.0 (inc) to 8.3.0 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-639 | The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in the femanager extension for TYPO3 is an Insecure Direct Object Reference (IDOR) issue that allows unauthorized users to modify userdata. This means attackers can access and change user information without proper authorization. It affects femanager versions 6.4.1 and below, 7.0.0 to 7.5.2, and 8.0.0 to 8.3.0.
How can this vulnerability impact me? :
This vulnerability can lead to unauthorized modification of user data, potentially compromising user accounts and data integrity. Attackers exploiting this issue could alter sensitive information, which may result in data breaches, loss of trust, and other security risks.