CVE-2025-48202: The femanager TYPO3 extension allows Insecure Direct Object Reference
Insecure Direct Object Reference (IDOR) in the femanager TYPO3 extension allows attackers to view frontend user data via a user parameter in the newAction of the newController.
References
- github.com/FriendsOfPHP/security-advisories/blob/master/in2code/femanager/CVE-2025-48202.yaml
- github.com/advisories/GHSA-xxwr-wv9g-7jw3
- github.com/in2code-de/femanager
- github.com/in2code-de/femanager/commit/54851f8f60254bd8060bdf7bc16d56f4de7bd828
- nvd.nist.gov/vuln/detail/CVE-2025-48202
- typo3.org/security/advisory/typo3-ext-sa-2025-006
Code Behaviors & Features
Detect and mitigate CVE-2025-48202 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →