CVE-2025-7900 – in2code/femanager
Package
Manager: composer
Name: in2code/femanager
Vulnerable Version: >=0 <6.4.2 || >=7.0.0 <7.5.3 || >=8.0.0 <8.3.1
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
EPSS: 0.0005 (percentile: 0.14977)
Details
Femanager extension for TYPO3 allows Insecure Direct Object Reference
The femanager extension for TYPO3 allows an Insecure Direct Object Reference (IDOR), resulting in unauthorized modification of user data. This issue affects femanager versions 6.4.1 and below, 7.0.0 to 7.5.2, and 8.0.0 to 8.3.0.
Metadata
Created: 2025-07-22T12:30:43Z
Modified: 2025-07-22T14:39:18Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/07/GHSA-rc5f-3hfv-jxp2/GHSA-rc5f-3hfv-jxp2.json
CWE IDs: ["CWE-639"]
Alternative ID: GHSA-rc5f-3hfv-jxp2
Finding: F274
Auto approve: 1