CVE-2025-48205: The Front End User Registration extension for TYPO3 (sr_feuser_register) allows Insecure Direct Object Reference

May 21, 2025

The sr_feuser_register extension through 12.4.8 for TYPO3 allows Insecure Direct Object Reference. This allows attackers to read arbitrary files.

References

codeberg.org/sjbr/sr-feuser-register
codeberg.org/sjbr/sr-feuser-register/commit/be44f61a475371c36b2035cbb523b56f5e34267d
github.com/advisories/GHSA-cvgc-mx2w-h3w8
nvd.nist.gov/vuln/detail/CVE-2025-48205
typo3.org/security/advisory/typo3-ext-sa-2025-008

Code Behaviors & Features

Detect and mitigate CVE-2025-48205 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →