What the vulnerability does
01Description
The sr_feuser_register extension through 12.4.8 for TYPO3 allows Remote Code Execution.
CVSS base score
10.0/10
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Key dates
02Disclosure timeline
May 21, 2025
CVE published
May 22, 2025
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2025-11157 Arbitrary Code Execution in feast-dev/feast
CVE-2025-31084 WordPress Sunshine Photo Cart plugin <= 3.4.10 - PHP Object Injection Vulnerability
CVE-2024-10942 All in One WP Migration <= 7.89 - Unauthenticated PHP Object Injection
CVE-2023-49773 WordPress BCorp Shortcodes Plugin <= 0.23 is vulnerable to PHP Object Injection
CVE-2024-28212
