Medium severity (5.3) · NVD Advisory · Published May 21, 2025 · Updated Apr 15, 2026
CVE-2025-48202
Description
The femanager extension through 8.2.1 for TYPO3 allows Insecure Direct Object Reference.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| in2code/femanager (Packagist) | >= 8.0.0, < 8.2.2 | 8.2.2 |
| in2code/femanager (Packagist) | >= 7.0.0, < 7.4.2 | 7.4.2 |
| in2code/femanager (Packagist) | >= 6.0.0, < 6.4.1 | 6.4.1 |
| in2code/femanager (Packagist) | >= 5.5.0, < 5.5.5 | 5.5.5 |
Patches
1. 54851f8f6025 [SECURITY] Don't pass User to newAction
3 files changed · +8 −4
Classes/Controller/NewController.php+1 −3 modified@@ -41,14 +41,12 @@ class NewController extends AbstractFrontendController /** * Render registration form * - * @param User|null $user * @throws JsonException */ - public function newAction(User $user = null): ResponseInterface + public function newAction(): ResponseInterface { $this->view->assignMultiple( [ - 'user' => $user, 'allUserGroups' => $this->allUserGroups, ] );
Documentation/Changelog/Index.rst+6 −0 modified@@ -4,6 +4,12 @@ Changelog ========= +- + :Version: 8.2.2 + :Date: 2025-05-20 + :Changes: + * [BUGFIX] Security: Missing Hash Check for invitation controller - Invitation Templates must be updated (if a custom template is used) + - :Version: 8.2.1 :Date: 2024-11-11
ext_emconf.php+1 −1 modified@@ -13,7 +13,7 @@ 'author_email' => 'info@in2code.de', 'author_company' => 'in2code.de - Wir leben TYPO3', 'state' => 'stable', - 'version' => '8.2.1', + 'version' => '8.2.2', 'constraints' => [ 'depends' => [ 'typo3' => '12.0.0-12.4.99',
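Review bot: In Classes/Controller/NewController.php, removing `'user' => $user` from the `assignMultiple()` call means the registration template no longer receives a `user` variable, yet none of the three changed files is a template or a test. Confirm that the shipped registration templates render correctly without that variable, and add a functional test asserting that `newAction()` renders an empty form regardless of request arguments, so the `User` parameter cannot be reintroduced unnoticed.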
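Review bot: The 8.2.2 entry added to Documentation/Changelog/Index.rst mentions only "Missing Hash Check for invitation controller", while the code change in this commit is the removal of the `$user` argument from `NewController::newAction()`. Add a changelog line for the registration form change as well, so integrators reading the changelog can tell that the fix is not limited to invitation templates. The entry also uses the `[BUGFIX] Security:` prefix where the commit subject uses `[SECURITY]`; pick one for consistency.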
References
- github.com/advisories/GHSA-xxwr-wv9g-7jw3 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2025-48202 (ghsa, ADVISORY)
- github.com/FriendsOfPHP/security-advisories/blob/master/in2code/femanager/CVE-2025-48202.yaml (ghsa, WEB)
- github.com/in2code-de/femanager/commit/54851f8f60254bd8060bdf7bc16d56f4de7bd828 (ghsa, WEB)
- typo3.org/security/advisory/typo3-ext-sa-2025-006 (nvd, WEB)