{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-7900","assignerOrgId":"f4fb688c-4412-4426-b4b8-421ecf27b14a","state":"PUBLISHED","assignerShortName":"TYPO3","dateReserved":"2025-07-19T12:40:19.076Z","datePublished":"2025-07-22T10:21:32.123Z","dateUpdated":"2025-07-22T14:17:04.005Z"},"containers":{"cna":{"affected":[{"collectionURL":"https://packagist.org/","defaultStatus":"unaffected","packageName":"in2code/femanager","product":"Extension \"femanager\"","repo":"https://github.com/in2code-de/femanager","vendor":"TYPO3","versions":[{"lessThanOrEqual":"8.3.0","status":"affected","version":"8.0.0","versionType":"semver"},{"lessThanOrEqual":"7.5.2","status":"affected","version":"7.0.0","versionType":"semver"},{"lessThanOrEqual":"6.4.1","status":"affected","version":"0","versionType":"semver"}]}],"credits":[{"lang":"en","type":"reporter","value":"Alexander Freundlieb"}],"datePublic":"2025-07-22T08:00:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<div>The femanager extension for TYPO3 allows Insecure Direct Object Reference resulting in unauthorized modification of userdata. This issue affects femanager version <span style=\"background-color: transparent;\">6.4.1 and below, 7.0.0 to 7.5.2 and 8.0.0 to 8.3.0</span></div>"}],"value":"The femanager extension for TYPO3 allows Insecure Direct Object Reference resulting in unauthorized modification of userdata. \nThis issue affects femanager version 6.4.1 and below, 7.0.0 to 7.5.2 and 8.0.0 to 8.3.0"}],"impacts":[{"capecId":"CAPEC-137","descriptions":[{"lang":"en","value":"CAPEC-137 Parameter Injection"}]}],"metrics":[{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"NETWORK","baseScore":5.3,"baseSeverity":"MEDIUM","privilegesRequired":"LOW","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N","version":"4.0","vulnAvailabilityImpact":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-639","description":"CWE-639 Authorization Bypass Through User-Controlled Key","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"f4fb688c-4412-4426-b4b8-421ecf27b14a","shortName":"TYPO3","dateUpdated":"2025-07-22T10:21:32.123Z"},"references":[{"url":"https://typo3.org/security/advisory/typo3-ext-sa-2025-010"}],"source":{"discovery":"UNKNOWN"},"title":"Insecure Direct Object Reference in extension \"femanager\" (femanager)","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-07-22T14:11:59.841789Z","id":"CVE-2025-7900","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-07-22T14:17:04.005Z"}}]}}