TYPO3 sr_feuser_register Extension Remote Code Execution Vulnerability

Vulnerability

A remote code execution vulnerability has been identified in the sr_feuser_register extension for TYPO3, affecting versions 5.1.0 through 12.4.8. The vulnerability arises because the extension allows the exchange of serialized file object representations without proper validation. This flaw enables attackers to inject arbitrary serialized PHP objects that may be deserialized on the server side, potentially leading to remote code execution.

Impact

Exploitation of this vulnerability allows for remote code execution on the server where the affected TYPO3 instance is running.

Remediation

Users of the sr_feuser_register extension are advised to update to version 12.5.0, available from the TYPO3 extension manager, Packagist, and the TYPO3 Extensions Repository.
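To check an installation against the version range above, the following added example (not code from the advisory or from the extension) reads a composer.lock and flags an installed sr_feuser_register version between 5.1.0 and 12.4.8. It assumes the Composer package name ends in "/sr-feuser-register"; the vendor prefix is not stated on this page, and the sample lock file is constructed.

```python
import json
import re

# Range taken from the advisory: 5.1.0 through 12.4.8 affected, 12.5.0 fixed.
FIRST_AFFECTED = (5, 1, 0)
LAST_AFFECTED = (12, 4, 8)
# Assumption: the Composer package name ends in the extension key with
# underscores written as hyphens; the vendor prefix is not given on the page.
NAME_SUFFIX = "/sr-feuser-register"


def parse_version(raw):
    """Return (major, minor, patch), or None for refs such as dev-main."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", raw.strip())
    return tuple(int(p) for p in m.groups()) if m else None


def classify(raw):
    """Map a version string to 'affected', 'not_affected' or 'unknown'."""
    version = parse_version(raw)
    if version is None:
        return "unknown"  # branch alias or pre-release: review by hand
    in_range = FIRST_AFFECTED <= version <= LAST_AFFECTED
    return "affected" if in_range else "not_affected"


def audit_lock(lock_text):
    """Return [(package, version, status)] for matching lock entries."""
    lock = json.loads(lock_text)
    findings = []
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section) or []:
            name = pkg.get("name", "").lower()
            if name.endswith(NAME_SUFFIX):
                raw = pkg.get("version", "")
                findings.append((name, raw, classify(raw)))
    return findings


# Constructed sample lock file; "example-vendor" is a placeholder vendor.
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "typo3/cms-core", "version": "v12.4.8"},
        {"name": "example-vendor/sr-feuser-register", "version": "12.4.8"},
    ],
    "packages-dev": [],
})

if __name__ == "__main__":
    for name, version, status in audit_lock(SAMPLE_LOCK):
        print(f"{name} {version}: {status}")
```

A result of "unknown" means the lock file pins a branch or pre-release rather than a tagged release, so the installed code has to be compared against 12.5.0 by hand.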

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 6.4
impact: 10.0
exploitability: 8.3
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.