CNNVD-202507-2869 Information

CNNVD ID

CNNVD-202507-2869

Related CVE

CVE-2025-7899

• CNNVD Published: 2025-07-22

Description (Chinese)

TYPO3 powermail是TYPO3开源的一个邮件表单扩展。 TYPO3 powermail 12.0.0至12.5.2版本和13.0.0版本存在安全漏洞，该漏洞源于不安全的直接对象引用，可能导致从Web服务器下载任意文件。

Description (English)

TYPO3 Powermail is an extension of an mail form from TYPO3 open source. There is a security loophole in TYPO3 powermails 12.0.0 to 12.5.2 and 13.0.0, which originates from unsafe direct reference and may lead to the downloading of random files from the Web server.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

TYPO3

Published

2025-07-22

Last Modified

2026-02-24

References

https://typo3.org/security/advisory/typo3-ext-sa-2025-009 https://vigilance.fr/vulnerability/TYPO3-powermail-file-reading-via-downloadFile-47777 https://nvd.nist.gov/vuln/detail/CVE-2025-7899

Patch

https://extensions.typo3.org/extension/powermail