CVE-2025-7899

Vulnerability Description

The powermail extension for TYPO3 allows Insecure Direct Object Reference resulting in download of arbitrary files from the webserver. This issue affects powermail version 12.0.0 up to 12.5.2 and version 13.0.0

Related Weaknesses (CWE)

CWE-639

References

https://typo3.org/security/advisory/typo3-ext-sa-2025-009

FAQ

What is CVE-2025-7899?

CVE-2025-7899 is a documented vulnerability. The powermail extension for TYPO3 allows Insecure Direct Object Reference resulting in download of arbitrary files from the webserver. This issue affects powermail version 12.0.0 up to 12.5.2 and vers...

How severe is CVE-2025-7899?

CVSS scoring is not yet available for CVE-2025-7899. Check NVD for updates.

Is there a patch for CVE-2025-7899?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.