CVE-2025-7899

Medium CVSS 6.0

Overview

The powermail extension for TYPO3 allows Insecure Direct Object Reference resulting in download of arbitrary files from the webserver. This issue affects powermail version 12.0.0 up to 12.5.2 and version 13.0.0

CWE: CWE-639 Published: 2025-07-22T11:15:24.157

Risk analysis

This vulnerability is rated 🟡 MEDIUM.

CVSS: 6.0 (MEDIUM)
Detected tags: typo3 (tag impact: LOW)

Recommended actions:

Prioritize remediation based on business criticality and exposure.
Limit exposure and increase monitoring until fixed.

Overview

Recommended tools

Tags