CVE-2025-48207: reint_downloadmanager TYPO3 Extension is susceptible to Insecure Direct Object Reference
Insecure Direct Object Reference in the reint_downloadmanager TYPO3 extension allows remote attackers to read arbitrary files via the downloaduid parameter in the downloadAction.
References
- github.com/FriendsOfPHP/security-advisories/blob/master/renolit/reint-downloadmanager/CVE-2025-48207.yaml
- github.com/Kephson/reint_downloadmanager
- github.com/Kephson/reint_downloadmanager/commit/99b07497f5842a59e934583283e1b5a477ce79a9
- github.com/advisories/GHSA-jjwh-4x89-7f5w
- nvd.nist.gov/vuln/detail/CVE-2025-48207
- typo3.org/security/advisory/typo3-ext-sa-2025-004