Base Score

HIGH8.2

CVE-2025-12998

Improper Authentication vulnerability in TYPO3 Extension "Modules" codingms/modules.This issue affects Extension "Modules": before 4.3.11, from 5.0.0 before 5.7.4, from 6.0.0 before 6.4.2, from 7.0.0 before 7.5.5.

VectorNETWORK

Published Byf4fb688c-4412-4426-b4b8-421ecf27b14a

Published DateNov 12, 2025, 12:15

Affected Versions(4)

codingms/modules(Packagist)

Introduced0

Fixed4.3.11

LimitN/A

codingms/modules(Packagist)

Introduced5.0.0

Fixed5.7.4

LimitN/A

codingms/modules(Packagist)

Introduced7.0.0

Fixed7.5.5

LimitN/A

codingms/modules(Packagist)

Introduced6.0.0

Fixed6.4.2

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
codingms/modules(Packagist)	0	4.3.11	N/A
codingms/modules(Packagist)	5.0.0	5.7.4	N/A
codingms/modules(Packagist)	7.0.0	7.5.5	N/A
codingms/modules(Packagist)	6.0.0	6.4.2	N/A

Weakness Type (CWE):CWE-287

CVSS Metrics

Base Score

8.2

Vector String

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Base Severity

HIGH

Version

4.0

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

Confidentiality (C)

Integrity (I)

Availability (A)

References

https://typo3.org/security/advisory/typo3-ext-sa-2025-015

Base Score

HIGH8.2

Weakness Type (CWE):CWE-287

CVSS Metrics

Base Score

8.2

Vector String

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Base Severity

HIGH

Version

4.0

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

Confidentiality (C)

Integrity (I)

Availability (A)