Base Score

HIGH8.6

CVE-2025-48207

The reint_downloadmanager extension through 5.0.0 for TYPO3 allows Insecure Direct Object Reference.

VectorNETWORK

Published Bycve@mitre.org

Published DateMay 21, 2025, 16:15

Affected Versions(2)

renolit/reint-downloadmanager(Packagist)

Introduced5.0.0

Fixed5.0.1

LimitN/A

renolit/reint-downloadmanager(Packagist)

Introduced0

Fixed4.0.2

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
renolit/reint-downloadmanager(Packagist)	5.0.0	5.0.1	N/A
renolit/reint-downloadmanager(Packagist)	0	4.0.2	N/A

Weakness Type (CWE):CWE-425

CVSS Metrics

Base Score

8.6

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

CHANGED

Confidentiality (C)

HIGH

Integrity (I)

NONE

Availability (A)

NONE

References

https://typo3.org/security/advisory/typo3-ext-sa-2025-004

Base Score

HIGH8.6

Weakness Type (CWE):CWE-425

CVSS Metrics

Base Score

8.6

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

CHANGED

Confidentiality (C)

HIGH

Integrity (I)

NONE

Availability (A)

NONE