Base Score

HIGH8.6

CVE-2025-48205

The sr_feuser_register extension through 12.4.8 for TYPO3 allows Insecure Direct Object Reference.

VectorNETWORK

Published Bycve@mitre.org

Published DateMay 21, 2025, 16:15

Affected Versions(1)

sjbr/sr-feuser-register(Packagist)

Introduced5.1.0

Fixed12.5.0

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
sjbr/sr-feuser-register(Packagist)	5.1.0	12.5.0	N/A

Weakness Type (CWE):CWE-425

CVSS Metrics

Base Score

8.6

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

CHANGED

Confidentiality (C)

HIGH

Integrity (I)

NONE

Availability (A)

NONE

References

https://typo3.org/security/advisory/typo3-ext-sa-2025-008

Base Score

HIGH8.6

Weakness Type (CWE):CWE-425

CVSS Metrics

Base Score

8.6

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

CHANGED

Confidentiality (C)

HIGH

Integrity (I)

NONE

Availability (A)

NONE