{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-21T17:28:14.792","vulnerabilities":[{"cve":{"id":"CVE-2025-7900","sourceIdentifier":"f4fb688c-4412-4426-b4b8-421ecf27b14a","published":"2025-07-22T11:15:24.340","lastModified":"2025-10-07T20:32:46.950","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"The femanager extension for TYPO3 allows Insecure Direct Object Reference resulting in unauthorized modification of userdata. This issue affects femanager version 6.4.1 and below, 7.0.0 to 7.5.2 and 8.0.0 to 8.3.0"},{"lang":"es","value":"La extensión femanager para TYPO3 permite la Referencia Directa a Objetos Insegura, lo que resulta en la modificación no autorizada de datos de usuario. Este problema afecta a las versiones 6.4.1 y anteriores de femanager, de la 7.0.0 a la 7.5.2 y de la 8.0.0 a la 8.3.0."}],"metrics":{"cvssMetricV40":[{"source":"f4fb688c-4412-4426-b4b8-421ecf27b14a","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"f4fb688c-4412-4426-b4b8-421ecf27b14a","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*","versionEndIncluding":"6.4.1","matchCriteriaId":"F05BEC96-53F2-4B39-A6CD-985239C7C871"},{"vulnerable":true,"criteria":"cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndIncluding":"7.5.2","matchCriteriaId":"BFD6DF63-E0A8-4869-B596-D47DB4183B3C"},{"vulnerable":true,"criteria":"cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.0","versionEndIncluding":"8.3.0","matchCriteriaId":"FCBE0E0B-4335-47F0-9D34-A51A14B3BFB9"}]}]}],"references":[{"url":"https://typo3.org/security/advisory/typo3-ext-sa-2025-010","source":"f4fb688c-4412-4426-b4b8-421ecf27b14a","tags":["Vendor Advisory"]}]}}]}