Remote Code Execution in sr_feuser_register Extension for TYPO3
CVE-2025-48200

10CRITICAL

Key Information:

Vendor: Typo3
Status: Sr Feuser Register Extension
Vendor: CVE Published:; 21 May 2025

What is CVE-2025-48200?

The sr_feuser_register extension for TYPO3, up to version 12.4.8, is vulnerable to a Remote Code Execution attack. This vulnerability allows unauthorized attackers to execute arbitrary code on the server, potentially leading to severe impacts on the website's security and integrity. It is crucial for TYPO3 users to apply security updates and best practices to mitigate the risks associated with this vulnerability.

Affected Version(s)

sr feuser register extension 5.1.0 < 12.5.0

References

https://typo3.org/security/advisory/typo3-ext-sa-2025-008

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 21, 2025
Vulnerability Reserved
May 17, 2025

JSON

Typo3

What is CVE-2025-48200?

Affected Version(s)

References

CVSS V3.1

Timeline