
    471 vulnerabilities found for Typo3 by Typo3

    CERTFR-2026-AVI-0722

    Vulnerability from certfr_avis - Published: 2026-06-10 - Updated: 2026-06-10

    Multiple vulnerabilities have been discovered in Typo3. Some of them allow an attacker to achieve remote arbitrary code execution, privilege escalation, and a breach of data confidentiality.

    Solutions

    Refer to the vendor's security bulletin to obtain the fixes (see the Documentation section).

    Impacted products
    Vendor   Product   Description
    Typo3    Typo3     Typo3 versions prior to 10.4.57
    Typo3    Typo3     Typo3 11.x versions prior to 11.5.51
    Typo3    Typo3     Typo3 12.x versions prior to 12.4.46
    Typo3    Typo3     Typo3 13.x versions prior to 13.4.31
    Typo3    Typo3     Typo3 14.x versions prior to 14.3.3
    References


    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Typo3 versions 14.x ant\u00e9rieures \u00e0 14.3.3",
          "product": {
            "name": "Typo3",
            "vendor": {
              "name": "Typo3",
              "scada": false
            }
          }
        },
        {
          "description": "Typo3 versions ant\u00e9rieures \u00e0 10.4.57",
          "product": {
            "name": "Typo3",
            "vendor": {
              "name": "Typo3",
              "scada": false
            }
          }
        },
        {
          "description": "Typo3 versions 12.x ant\u00e9rieures \u00e0 12.4.46",
          "product": {
            "name": "Typo3",
            "vendor": {
              "name": "Typo3",
              "scada": false
            }
          }
        },
        {
          "description": "Typo3 versions 13.x ant\u00e9rieures \u00e0 13.4.31",
          "product": {
            "name": "Typo3",
            "vendor": {
              "name": "Typo3",
              "scada": false
            }
          }
        },
        {
          "description": "Typo3 versions 11.x ant\u00e9rieures \u00e0 11.5.51",
          "product": {
            "name": "Typo3",
            "vendor": {
              "name": "Typo3",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2026-49742",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-49742"
        },
        {
          "name": "CVE-2026-47350",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-47350"
        },
        {
          "name": "CVE-2026-47349",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-47349"
        },
        {
          "name": "CVE-2026-47351",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-47351"
        },
        {
          "name": "CVE-2026-49738",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-49738"
        },
        {
          "name": "CVE-2026-49741",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-49741"
        },
        {
          "name": "CVE-2026-11607",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11607"
        },
        {
          "name": "CVE-2026-49740",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-49740"
        },
        {
          "name": "CVE-2026-47352",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-47352"
        },
        {
          "name": "CVE-2026-47348",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-47348"
        }
      ],
      "initial_release_date": "2026-06-10T00:00:00",
      "last_revision_date": "2026-06-10T00:00:00",
      "links": [],
      "reference": "CERTFR-2026-AVI-0722",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2026-06-10T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "Injection de code indirecte \u00e0 distance (XSS)"
        },
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
        },
        {
          "description": "Injection SQL (SQLi)"
        },
        {
          "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        },
        {
          "description": "\u00c9l\u00e9vation de privil\u00e8ges"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Typo3. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans Typo3",
      "vendor_advisories": [
        {
          "published_at": "2026-06-09",
          "title": "Bulletin de s\u00e9curit\u00e9 Typo3 GHSA-qcmw-6rm2-5x78",
          "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-qcmw-6rm2-5x78"
        },
        {
          "published_at": "2026-06-09",
          "title": "Bulletin de s\u00e9curit\u00e9 Typo3 GHSA-q93m-25xv-94hh",
          "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-q93m-25xv-94hh"
        },
        {
          "published_at": "2026-06-09",
          "title": "Bulletin de s\u00e9curit\u00e9 Typo3 GHSA-chm7-4vch-h8vr",
          "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-chm7-4vch-h8vr"
        },
        {
          "published_at": "2026-06-09",
          "title": "Bulletin de s\u00e9curit\u00e9 Typo3 GHSA-f34x-rx2w-7pm3",
          "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-f34x-rx2w-7pm3"
        },
        {
          "published_at": "2026-06-09",
          "title": "Bulletin de s\u00e9curit\u00e9 Typo3 GHSA-cg75-qfg2-w9hj",
          "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-cg75-qfg2-w9hj"
        },
        {
          "published_at": "2026-06-09",
          "title": "Bulletin de s\u00e9curit\u00e9 Typo3 GHSA-jh32-v29g-68pq",
          "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-jh32-v29g-68pq"
        },
        {
          "published_at": "2026-06-09",
          "title": "Bulletin de s\u00e9curit\u00e9 Typo3 GHSA-2j54-93q2-3hjq",
          "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-2j54-93q2-3hjq"
        },
        {
          "published_at": "2026-06-09",
          "title": "Bulletin de s\u00e9curit\u00e9 Typo3 GHSA-pjpj-v387-x4vq",
          "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-pjpj-v387-x4vq"
        },
        {
          "published_at": "2026-06-09",
          "title": "Bulletin de s\u00e9curit\u00e9 Typo3 GHSA-jf56-v8jc-jcc5",
          "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-jf56-v8jc-jcc5"
        },
        {
          "published_at": "2026-06-09",
          "title": "Bulletin de s\u00e9curit\u00e9 Typo3 GHSA-c78m-c52x-jgwp",
          "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-c78m-c52x-jgwp"
        }
      ]
    }

    CERTFR-2026-AVI-0464

    Vulnerability from certfr_avis - Published: 2026-04-21 - Updated: 2026-04-21

    A vulnerability has been discovered in Typo3. It allows an attacker to cause a breach of data confidentiality.

    Solutions

    Refer to the vendor's security bulletin to obtain the fixes (see the Documentation section).

    Impacted products
    Vendor   Product   Description
    Typo3    Typo3     typo3/cms-backend versions prior to 14.3.0 (composer)
    References


    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "typo3/cms-backend versions ant\u00e9rieures \u00e0 14.3.0 pour composer",
          "product": {
            "name": "Typo3",
            "vendor": {
              "name": "Typo3",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2026-6553",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-6553"
        }
      ],
      "initial_release_date": "2026-04-21T00:00:00",
      "last_revision_date": "2026-04-21T00:00:00",
      "links": [],
      "reference": "CERTFR-2026-AVI-0464",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2026-04-21T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        }
      ],
      "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Typo3. Elle permet \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
      "title": "Vuln\u00e9rabilit\u00e9 dans Typo3",
      "vendor_advisories": [
        {
          "published_at": "2026-04-21",
          "title": "Bulletin de s\u00e9curit\u00e9 Typo3 GHSA-xvv6-p4wf-mvx7",
          "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-xvv6-p4wf-mvx7"
        }
      ]
    }

    CERTFR-2026-AVI-0037

    Vulnerability from certfr_avis - Published: 2026-01-14 - Updated: 2026-01-14

    Multiple vulnerabilities have been discovered in Typo3. They allow an attacker to achieve arbitrary code execution and a security policy bypass.

    Solutions

    Refer to the vendor's security bulletin to obtain the fixes (see the Documentation section).

    Impacted products
    Vendor   Product   Composer package       Affected (composer): versions prior to the fix of their branch
    Typo3    Typo3     typo3/cms-core         10.4.55 (10.x), 11.5.49 (11.x), 12.4.41 (12.x), 13.4.23 (13.x), 14.0.2 (14.x)
    Typo3    Typo3     typo3/cms-backend      10.4.55 (10.x), 11.5.49 (11.x), 12.4.41 (12.x), 13.4.23 (13.x), 14.0.2 (14.x)
    Typo3    Typo3     typo3/cms-recycler     10.4.55 (10.x), 11.5.49 (11.x), 12.4.41 (12.x), 13.4.23 (13.x), 14.0.2 (14.x)
    Typo3    Typo3     typo3/cms-redirects    10.4.55 (10.x), 11.5.49 (11.x), 12.4.41 (12.x), 13.4.23 (13.x), 14.0.2 (14.x)
    References


    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "typo3/cms-backend versions ant\u00e9rieures \u00e0 14.0.2 pour composer",
          "product": {
            "name": "Typo3",
            "vendor": {
              "name": "Typo3",
              "scada": false
            }
          }
        },
        {
          "description": "typo3/cms-backend versions ant\u00e9rieures \u00e0 12.4.41 pour composer",
          "product": {
            "name": "Typo3",
            "vendor": {
              "name": "Typo3",
              "scada": false
            }
          }
        },
        {
          "description": "typo3/cms-core versions ant\u00e9rieures \u00e0 13.4.23 pour composer",
          "product": {
            "name": "Typo3",
            "vendor": {
              "name": "Typo3",
              "scada": false
            }
          }
        },
        {
          "description": "typo3/cms-recycler versions ant\u00e9rieures \u00e0 10.4.55 pour composer",
          "product": {
            "name": "Typo3",
            "vendor": {
              "name": "Typo3",
              "scada": false
            }
          }
        },
        {
          "description": "typo3/cms-backend versions ant\u00e9rieures \u00e0 13.4.23 pour composer",
          "product": {
            "name": "Typo3",
            "vendor": {
              "name": "Typo3",
              "scada": false
            }
          }
        },
        {
          "description": "typo3/cms-redirects versions ant\u00e9rieures \u00e0 12.4.41 pour composer",
          "product": {
            "name": "Typo3",
            "vendor": {
              "name": "Typo3",
              "scada": false
            }
          }
        },
        {
          "description": "typo3/cms-recycler versions ant\u00e9rieures \u00e0 11.5.49 pour composer",
          "product": {
            "name": "Typo3",
            "vendor": {
              "name": "Typo3",
              "scada": false
            }
          }
        },
        {
          "description": "typo3/cms-core versions ant\u00e9rieures \u00e0 11.5.49 pour composer",
          "product": {
            "name": "Typo3",
            "vendor": {
              "name": "Typo3",
              "scada": false
            }
          }
        },
        {
          "description": "typo3/cms-backend versions ant\u00e9rieures \u00e0 11.5.49 pour composer",
          "product": {
            "name": "Typo3",
            "vendor": {
              "name": "Typo3",
              "scada": false
            }
          }
        },
        {
          "description": "typo3/cms-recycler versions ant\u00e9rieures \u00e0 14.0.2 pour composer",
          "product": {
            "name": "Typo3",
            "vendor": {
              "name": "Typo3",
              "scada": false
            }
          }
        },
        {
          "description": "typo3/cms-core versions ant\u00e9rieures \u00e0 10.4.55 pour composer",
          "product": {
            "name": "Typo3",
            "vendor": {
              "name": "Typo3",
              "scada": false
            }
          }
        },
        {
          "description": "typo3/cms-core versions ant\u00e9rieures \u00e0 12.4.41 pour composer",
          "product": {
            "name": "Typo3",
            "vendor": {
              "name": "Typo3",
              "scada": false
            }
          }
        },
        {
          "description": "typo3/cms-redirects versions ant\u00e9rieures \u00e0 10.4.55 pour composer",
          "product": {
            "name": "Typo3",
            "vendor": {
              "name": "Typo3",
              "scada": false
            }
          }
        },
        {
          "description": "typo3/cms-core versions ant\u00e9rieures \u00e0 14.0.2 pour composer",
          "product": {
            "name": "Typo3",
            "vendor": {
              "name": "Typo3",
              "scada": false
            }
          }
        },
        {
          "description": "typo3/cms-backend versions ant\u00e9rieures \u00e0 10.4.55 pour composer",
          "product": {
            "name": "Typo3",
            "vendor": {
              "name": "Typo3",
              "scada": false
            }
          }
        },
        {
          "description": "typo3/cms-recycler versions ant\u00e9rieures \u00e0 13.4.23 pour composer",
          "product": {
            "name": "Typo3",
            "vendor": {
              "name": "Typo3",
              "scada": false
            }
          }
        },
        {
          "description": "typo3/cms-redirects versions ant\u00e9rieures \u00e0 13.4.23 pour composer",
          "product": {
            "name": "Typo3",
            "vendor": {
              "name": "Typo3",
              "scada": false
            }
          }
        },
        {
          "description": "typo3/cms-redirects versions ant\u00e9rieures \u00e0 14.0.2 pour composer",
          "product": {
            "name": "Typo3",
            "vendor": {
              "name": "Typo3",
              "scada": false
            }
          }
        },
        {
          "description": "typo3/cms-redirects versions ant\u00e9rieures \u00e0 11.5.49 pour composer",
          "product": {
            "name": "Typo3",
            "vendor": {
              "name": "Typo3",
              "scada": false
            }
          }
        },
        {
          "description": "typo3/cms-recycler versions ant\u00e9rieures \u00e0 12.4.41 pour composer",
          "product": {
            "name": "Typo3",
            "vendor": {
              "name": "Typo3",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2026-0859",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-0859"
        },
        {
          "name": "CVE-2025-59020",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-59020"
        },
        {
          "name": "CVE-2025-59022",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-59022"
        },
        {
          "name": "CVE-2025-59021",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-59021"
        }
      ],
      "initial_release_date": "2026-01-14T00:00:00",
      "last_revision_date": "2026-01-14T00:00:00",
      "links": [],
      "reference": "CERTFR-2026-AVI-0037",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2026-01-14T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "Ex\u00e9cution de code arbitraire"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Typo3. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire et un contournement de la politique de s\u00e9curit\u00e9.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans Typo3",
      "vendor_advisories": [
        {
          "published_at": "2026-01-13",
          "title": "Bulletin de s\u00e9curit\u00e9 Typo3 GHSA-5j7q-wmh7-cqhg",
          "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-5j7q-wmh7-cqhg"
        },
        {
          "published_at": "2026-01-13",
          "title": "Bulletin de s\u00e9curit\u00e9 Typo3 GHSA-p52w-7rhw-9m67",
          "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-p52w-7rhw-9m67"
        },
        {
          "published_at": "2026-01-13",
          "title": "Bulletin de s\u00e9curit\u00e9 Typo3 GHSA-6c46-p6j5-3f49",
          "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-6c46-p6j5-3f49"
        },
        {
          "published_at": "2026-01-13",
          "title": "Bulletin de s\u00e9curit\u00e9 Typo3 GHSA-7vp9-x248-9vr9",
          "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-7vp9-x248-9vr9"
        }
      ]
    }

    CVE-2026-6553 (GCVE-0-2026-6553)

    Vulnerability from nvd – Published: 2026-04-21 10:04 – Updated: 2026-04-21 13:20
    Title
    TYPO3 CMS Stores Cleartext Password in User Settings Module
    Summary
    Changing backend users' passwords via the user settings module results in storing the cleartext password in the uc and user_settings fields of the be_users database table. This issue affects TYPO3 CMS version 14.2.0; it is fixed in 14.3.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-312 - Cleartext storage of sensitive information
    Assigner
    TYPO3
    Impacted products
    Vendor   Product     Version
    TYPO3    TYPO3 CMS   Affected: >= 14.2.0, < 14.3.0 (semver)
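Upgrading to 14.3.0 stops the leak but does not remove passwords already written to be_users.uc and be_users.user_settings, nor from any backup or replica taken in the meantime. The added example below (not code from TYPO3 or from the advisory) audits and scrubs such a column offline. It assumes the column holds a PHP-serialized array, as TYPO3's uc column does, and that the leaked value sits under a key whose name contains "pass"; the sample row is constructed and the key names are an assumption, so review every hit by hand.

```python
import re
from typing import Any, Dict, List, Tuple


def _parse(s: str, i: int) -> Tuple[Any, int]:
    """Parse one PHP-serialized value at s[i]; return (value, index after it).
    s is the raw column decoded as latin-1, so one character equals one byte and
    the byte lengths in 's:<len>:' slice correctly even for UTF-8 content."""
    kind = s[i]
    if kind == "N":                                    # N;
        return None, i + 2
    if kind in "ibd":                                  # i:42;  b:1;  d:1.5;
        end = s.index(";", i)
        raw = s[i + 2:end]
        value = float(raw) if kind == "d" else int(raw)
        return (bool(value) if kind == "b" else value), end + 1
    if kind == "s":                                    # s:5:"hello";
        colon = s.index(":", i + 2)
        length = int(s[i + 2:colon])
        start = colon + 2                              # skip :"
        text = s[start:start + length].encode("latin-1").decode("utf-8")
        return text, start + length + 2                # skip ";
    if kind == "a":                                    # a:2:{<key><value>...}
        colon = s.index(":", i + 2)
        count = int(s[i + 2:colon])
        j = colon + 2                                  # skip :{
        items: Dict[Any, Any] = {}
        for _ in range(count):
            key, j = _parse(s, j)
            value, j = _parse(s, j)
            items[key] = value
        return items, j + 1                            # skip }
    # Objects (O:) are not expected in uc; one showing up is itself worth a look.
    raise ValueError(f"unsupported serialized type {kind!r} at offset {i}")


def php_unserialize(raw: bytes) -> Any:
    value, end = _parse(raw.decode("latin-1"), 0)
    if end != len(raw):
        raise ValueError("trailing data after serialized value")
    return value


def php_serialize(value: Any) -> bytes:
    """Inverse of php_unserialize for the subset above (None, bool, int, float, str, dict)."""
    if value is None:
        return b"N;"
    if isinstance(value, bool):
        return b"b:%d;" % int(value)
    if isinstance(value, int):
        return b"i:%d;" % value
    if isinstance(value, float):
        return b"d:%s;" % repr(value).encode("ascii")
    if isinstance(value, str):
        raw = value.encode("utf-8")
        return b's:%d:"%s";' % (len(raw), raw)
    if isinstance(value, dict):
        body = b"".join(php_serialize(k) + php_serialize(v) for k, v in value.items())
        return b"a:%d:{%s}" % (len(value), body)
    raise TypeError(f"cannot serialize {type(value).__name__}")


# Assumed key shape; deliberately broad (password, password2, passwd, ...).
PASSWORD_KEY = re.compile(r"pass(word|wd|phrase)?", re.IGNORECASE)


def find_cleartext_passwords(data: Any, path: Tuple[Any, ...] = ()) -> List[Tuple[Tuple[Any, ...], str]]:
    """Walk nested arrays; return (key path, value) for every non-empty string
    stored under a password-like key."""
    hits: List[Tuple[Tuple[Any, ...], str]] = []
    if isinstance(data, dict):
        for key, value in data.items():
            here = path + (key,)
            if isinstance(key, str) and PASSWORD_KEY.search(key) and isinstance(value, str) and value:
                hits.append((here, value))
            else:
                hits.extend(find_cleartext_passwords(value, here))
    return hits


def audit_uc_column(uc: bytes) -> List[Tuple[Tuple[Any, ...], str]]:
    return find_cleartext_passwords(php_unserialize(uc))


def scrub_uc_column(uc: bytes) -> bytes:
    """Return the column with every flagged entry removed, re-serialized for an UPDATE."""
    data = php_unserialize(uc)
    for path, _ in find_cleartext_passwords(data):
        node = data
        for key in path[:-1]:
            node = node[key]
        del node[path[-1]]
    return php_serialize(data)


# Constructed be_users.uc value (not taken from a real site): ordinary settings
# plus the two password form fields the bug would have persisted.
SAMPLE_UC = php_serialize({
    "lang": "de",
    "startModule": "web_layout",
    "note": "Grüße",
    "password": "Tr0ub4dor&3",
    "password2": "Tr0ub4dor&3",
    "moduleData": {"web_list": {"clipBoard": 1}},
})

if __name__ == "__main__":
    for path, value in audit_uc_column(SAMPLE_UC):
        print("/".join(map(str, path)), "=", value)
    print(scrub_uc_column(SAMPLE_UC))
```

Scrubbing the column is not enough on its own: the value has been at rest in the database, its binary logs and every backup since the change, so the affected accounts need a password rotation once the fix is deployed.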
    Credits
    Martin Clewing (reporter); Garvin Hicking, Stefan Bürk, Oliver Hader (remediation developers)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-6553",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-21T13:20:11.733627Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-21T13:20:23.515Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://packagist.org",
              "defaultStatus": "unaffected",
              "packageName": "typo3/cms-backend",
              "product": "TYPO3 CMS",
              "repo": "https://github.com/TYPO3/typo3",
              "vendor": "TYPO3",
              "versions": [
                {
                  "lessThan": "14.3.0",
                  "status": "affected",
                  "version": "14.2.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "14.3.0",
                      "versionStartIncluding": "14.2.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Martin Clewing"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Garvin Hicking"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Stefan B\u00fcrk"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Oliver Hader"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Changing backend users\u0027 passwords via the user settings module results in storing the cleartext password in the \u003ccode\u003euc\u003c/code\u003e and \u003ccode\u003euser_settings\u003c/code\u003e fields of the \u003ccode\u003ebe_users\u003c/code\u003e database table. This issue affects TYPO3 CMS version 14.2.0."
                }
              ],
              "value": "Changing backend users\u0027 passwords via the user settings module results in storing the cleartext password in the uc and user_settings fields of the be_users database table. This issue affects TYPO3 CMS version 14.2.0."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-312",
                  "description": "CWE-312 Cleartext storage of sensitive information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-21T10:08:27.342Z",
            "orgId": "f4fb688c-4412-4426-b4b8-421ecf27b14a",
            "shortName": "TYPO3"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://typo3.org/security/advisory/typo3-core-sa-2026-005"
            },
            {
              "name": "Git commit of main branch",
              "tags": [
                "patch"
              ],
              "url": "https://github.com/TYPO3/typo3/commit/9a6e913f70767f63b322ae3e2d2f4e302624c291"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "TYPO3 CMS Stores Cleartext Password in User Settings Module",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f4fb688c-4412-4426-b4b8-421ecf27b14a",
        "assignerShortName": "TYPO3",
        "cveId": "CVE-2026-6553",
        "datePublished": "2026-04-21T10:04:02.525Z",
        "dateReserved": "2026-04-17T21:40:53.165Z",
        "dateUpdated": "2026-04-21T13:20:23.515Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0859 (GCVE-0-2026-0859)

    Vulnerability from nvd – Published: 2026-01-13 11:54 – Updated: 2026-01-13 14:12
    Title
    TYPO3 CMS Allows Insecure Deserialization via Mailer File Spool
    Summary
    A deserialization flaw in TYPO3's file-based mail spool lets local users with write access to the spool directory craft a malicious file that is deserialized when the mailer:spool:send command runs, enabling arbitrary PHP code execution on the web server. This issue affects TYPO3 CMS versions 10.0.0-10.4.54, 11.0.0-11.5.48, 12.0.0-12.4.40, 13.0.0-13.4.22 and 14.0.0-14.0.1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Impacted products
    Vendor   Product     Version
    TYPO3    TYPO3 CMS   Affected: >= 10.0.0, < 10.4.55 (semver)
                         Affected: >= 11.0.0, < 11.5.49 (semver)
                         Affected: >= 12.0.0, < 12.4.41 (semver)
                         Affected: >= 13.0.0, < 13.4.23 (semver)
                         Affected: >= 14.0.0, < 14.0.2 (semver)
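The precondition in the description is write access to the spool directory by someone other than the account that runs mailer:spool:send. Updating is the fix; the added example below (not code from TYPO3 or from the advisory) checks that precondition on a POSIX host so a not-yet-patched site can confirm nobody else can plant a file there. It assumes the spool path is the one configured for the file spool transport (in TYPO3 that is the MAIL transport_spool_filepath setting; treat the name as an assumption and check your configuration) and that the CLI runs as the directory's owner. The demo directories are created in a temporary location and are constructed for the example.

```python
import os
import stat
import tempfile
from typing import Dict, List, Optional

# Permission bits that let anyone other than the owner drop or alter spool files.
GROUP_OR_WORLD_WRITE = stat.S_IWGRP | stat.S_IWOTH


def audit_spool_dir(path: str, expected_uid: Optional[int] = None) -> List[str]:
    """Return findings for a mail spool directory; an empty list means it passes.

    The directory and every entry in it must belong to the account that runs
    mailer:spool:send, must not be writable by group or others, and the path
    itself must not be a symlink that someone else could repoint.
    """
    owner = os.getuid() if expected_uid is None else expected_uid
    findings: List[str] = []
    try:
        st = os.lstat(path)
    except FileNotFoundError:
        return [f"{path}: does not exist"]
    if stat.S_ISLNK(st.st_mode):
        return [f"{path}: is a symlink, refusing to follow it"]
    if not stat.S_ISDIR(st.st_mode):
        return [f"{path}: is not a directory"]
    if st.st_uid != owner:
        findings.append(f"{path}: owned by uid {st.st_uid}, expected {owner}")
    if st.st_mode & GROUP_OR_WORLD_WRITE:
        findings.append(f"{path}: mode {stat.S_IMODE(st.st_mode):04o} is group/world writable")
    with os.scandir(path) as entries:
        for entry in entries:
            est = entry.stat(follow_symlinks=False)
            if stat.S_ISLNK(est.st_mode):
                findings.append(f"{entry.path}: symlink inside the spool directory")
            if est.st_uid != owner:
                findings.append(f"{entry.path}: owned by uid {est.st_uid}, expected {owner}")
            if est.st_mode & GROUP_OR_WORLD_WRITE:
                findings.append(f"{entry.path}: mode {stat.S_IMODE(est.st_mode):04o} is group/world writable")
    return findings


def build_demo_spool(hardened: bool) -> str:
    """Create a throwaway spool directory in one of two states (constructed demo data)."""
    d = tempfile.mkdtemp(prefix="typo3-spool-")
    queued = os.path.join(d, "queued.message")
    with open(queued, "wb") as fh:
        fh.write(b"constructed placeholder, not a real spooled message\n")
    if hardened:
        os.chmod(queued, 0o600)
        os.chmod(d, 0o700)
    else:
        os.chmod(queued, 0o666)                              # anyone can rewrite it
        os.symlink("/etc/hostname", os.path.join(d, "planted"))
        os.chmod(d, 0o777)                                   # anyone can add files
    return d


def demo() -> Dict[str, List[str]]:
    return {"hardened": audit_spool_dir(build_demo_spool(True)),
            "sloppy": audit_spool_dir(build_demo_spool(False))}


if __name__ == "__main__":
    for state, findings in demo().items():
        print(state, "->", findings or ["ok"])
```

Point audit_spool_dir at the configured spool path and pass the uid of the CLI user (for instance the one a cron entry or systemd unit runs as); a clean result only removes the stated precondition, it does not replace the update.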
    Credits
    Vitaly Simonovich (reporter); Elias Häußler, Oliver Hader (remediation developers)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0859",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-13T14:11:54.124321Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-13T14:12:12.132Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://packagist.org",
              "defaultStatus": "unaffected",
              "modules": [
                "Core"
              ],
              "packageName": "typo3/cms-core",
              "product": "TYPO3 CMS",
              "repo": "https://github.com/TYPO3/typo3",
              "vendor": "TYPO3",
              "versions": [
                {
                  "lessThan": "10.4.55",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "11.5.49",
                  "status": "affected",
                  "version": "11.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "12.4.41",
                  "status": "affected",
                  "version": "12.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "13.4.23",
                  "status": "affected",
                  "version": "13.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "14.0.2",
                  "status": "affected",
                  "version": "14.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.4.55",
                      "versionStartIncluding": "10.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.5.49",
                      "versionStartIncluding": "11.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "12.4.41",
                      "versionStartIncluding": "12.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "13.4.23",
                      "versionStartIncluding": "13.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "14.0.2",
                      "versionStartIncluding": "14.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Vitaly Simonovich"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Elias H\u00e4u\u00dfler"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Oliver Hader"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "TYPO3\u0027s mail\u2011file spool deserialization flaw lets local users with write access to the spool directory craft a malicious file that is deserialized during the \u003ccode\u003emailer:spool:send\u003c/code\u003e command, enabling arbitrary PHP code execution on the web server. This issue affects TYPO3 CMS versions 10.0.0-10.4.54, 11.0.0-11.5.48, 12.0.0-12.4.40, 13.0.0-13.4.22 and 14.0.0-14.0.1."
                }
              ],
              "value": "TYPO3\u0027s mail\u2011file spool deserialization flaw lets local users with write access to the spool directory craft a malicious file that is deserialized during the mailer:spool:send command, enabling arbitrary PHP code execution on the web server. This issue affects TYPO3 CMS versions 10.0.0-10.4.54, 11.0.0-11.5.48, 12.0.0-12.4.40, 13.0.0-13.4.22 and 14.0.0-14.0.1."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 5.2,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502 Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-13T11:54:25.069Z",
            "orgId": "f4fb688c-4412-4426-b4b8-421ecf27b14a",
            "shortName": "TYPO3"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://typo3.org/security/advisory/typo3-core-sa-2026-004"
            },
            {
              "name": "Git commit of main branch",
              "tags": [
                "patch"
              ],
              "url": "https://github.com/TYPO3/typo3/commit/3225d705080a1bde57a66689621c947da5a4782f"
            },
            {
              "name": "Git commit of 13.4 branch",
              "tags": [
                "patch"
              ],
              "url": "https://github.com/TYPO3/typo3/commit/e0f0ceee480c203fbb60b87454f5f193e541d27f"
            },
            {
              "name": "Git commit of 12.4 branch",
              "tags": [
                "patch"
              ],
              "url": "https://github.com/TYPO3/typo3/commit/722bf71c118b0a8e4f2c2494854437d846799a13"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "TYPO3 CMS Allows Insecure Deserialization via Mailer File Spool",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f4fb688c-4412-4426-b4b8-421ecf27b14a",
        "assignerShortName": "TYPO3",
        "cveId": "CVE-2026-0859",
        "datePublished": "2026-01-13T11:54:11.494Z",
        "dateReserved": "2026-01-12T11:25:46.041Z",
        "dateUpdated": "2026-01-13T14:12:12.132Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-59022 (GCVE-0-2025-59022)

    Vulnerability from nvd – Published: 2026-01-13 11:53 – Updated: 2026-01-13 14:21
    VLAI
    Title
    TYPO3 CMS Allows Broken Access Control in Recycler Module
    Summary
    Backend users who had access to the recycler module could delete arbitrary data from any database table defined in the TCA - regardless of whether they had permission to that particular table. This allowed attackers to purge and destroy critical site data, effectively rendering the website unavailable. This issue affects TYPO3 CMS versions 10.0.0-10.4.54, 11.0.0-11.5.48, 12.0.0-12.4.40, 13.0.0-13.4.22 and 14.0.0-14.0.1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    TYPO3 TYPO3 CMS Affected: 10.0.0 , < 10.4.55 (semver)
    Affected: 11.0.0 , < 11.5.49 (semver)
    Affected: 12.0.0 , < 12.4.41 (semver)
    Affected: 13.0.0 , < 13.4.23 (semver)
    Affected: 14.0.0 , < 14.0.2 (semver)
    Credits
    Sven Jürgens Daniel Windloff Elias Häußler

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-59022",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-13T14:19:35.396050Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-13T14:21:59.794Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://packagist.org",
              "defaultStatus": "unaffected",
              "modules": [
                "Recycler"
              ],
              "packageName": "typo3/cms-recycler",
              "product": "TYPO3 CMS",
              "repo": "https://github.com/TYPO3/typo3",
              "vendor": "TYPO3",
              "versions": [
                {
                  "lessThan": "10.4.55",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "11.5.49",
                  "status": "affected",
                  "version": "11.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "12.4.41",
                  "status": "affected",
                  "version": "12.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "13.4.23",
                  "status": "affected",
                  "version": "13.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "14.0.2",
                  "status": "affected",
                  "version": "14.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.4.55",
                      "versionStartIncluding": "10.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.5.49",
                      "versionStartIncluding": "11.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "12.4.41",
                      "versionStartIncluding": "12.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "13.4.23",
                      "versionStartIncluding": "13.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "14.0.2",
                      "versionStartIncluding": "14.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "AND"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Sven J\u00fcrgens"
            },
            {
              "lang": "en",
              "type": "reporter",
              "value": "Daniel Windloff"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Elias H\u00e4u\u00dfler"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Backend users who had access to the recycler module could delete arbitrary data from any database table defined in the \u003ccode\u003eTCA\u003c/code\u003e - regardless of whether they had permission to that particular table. This allowed attackers to purge and destroy critical site data, effectively rendering the website unavailable. This issue affects TYPO3 CMS versions 10.0.0-10.4.54, 11.0.0-11.5.48, 12.0.0-12.4.40, 13.0.0-13.4.22 and 14.0.0-14.0.1."
                }
              ],
              "value": "Backend users who had access to the recycler module could delete arbitrary data from any database table defined in the TCA - regardless of whether they had permission to that particular table. This allowed attackers to purge and destroy critical site data, effectively rendering the website unavailable. This issue affects TYPO3 CMS versions 10.0.0-10.4.54, 11.0.0-11.5.48, 12.0.0-12.4.40, 13.0.0-13.4.22 and 14.0.0-14.0.1."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-13T11:53:45.184Z",
            "orgId": "f4fb688c-4412-4426-b4b8-421ecf27b14a",
            "shortName": "TYPO3"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://typo3.org/security/advisory/typo3-core-sa-2026-003"
            },
            {
              "name": "Git commit of main branch",
              "tags": [
                "patch"
              ],
              "url": "https://github.com/TYPO3/typo3/commit/336d6f165458a0ce32d8330999ab9ab6a5983d20"
            },
            {
              "name": "Git commit of 13.4 branch",
              "tags": [
                "patch"
              ],
              "url": "https://github.com/TYPO3/typo3/commit/efb9528f9882ac924c40598ebd8508479e9950a3"
            },
            {
              "name": "Git commit of 12.4 branch",
              "tags": [
                "patch"
              ],
              "url": "https://github.com/TYPO3/typo3/commit/a6604db66499710f72ae6e7006beb14ad0913aae"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "TYPO3 CMS Allows Broken Access Control in Recycler Module",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f4fb688c-4412-4426-b4b8-421ecf27b14a",
        "assignerShortName": "TYPO3",
        "cveId": "CVE-2025-59022",
        "datePublished": "2026-01-13T11:53:45.184Z",
        "dateReserved": "2025-09-07T19:01:20.436Z",
        "dateUpdated": "2026-01-13T14:21:59.794Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-59021 (GCVE-0-2025-59021)

    Vulnerability from nvd – Published: 2026-01-13 11:53 – Updated: 2026-01-13 14:44
    VLAI
    Title
    TYPO3 CMS Allows Broken Access Control in Redirects Module
    Summary
    Backend users with access to the redirects module and write permission on the sys_redirect table were able to read, create, and modify any redirect record without restriction to the user’s own file-mounts or web-mounts. This allowed attackers to insert or alter redirects pointing to arbitrary URLs – facilitating phishing or other malicious redirect attacks. This issue affects TYPO3 CMS versions 10.0.0-10.4.54, 11.0.0-11.5.48, 12.0.0-12.4.40, 13.0.0-13.4.22 and 14.0.0-14.0.1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    TYPO3 TYPO3 CMS Affected: 10.0.0 , < 10.4.55 (semver)
    Affected: 11.0.0 , < 11.5.49 (semver)
    Affected: 12.0.0 , < 12.4.41 (semver)
    Affected: 13.0.0 , < 13.4.23 (semver)
    Affected: 14.0.0 , < 14.0.2 (semver)
    Credits
    Georg Dümmler Elias Häußler

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-59021",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-13T14:44:34.339533Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-13T14:44:44.540Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://packagist.org",
              "defaultStatus": "unaffected",
              "modules": [
                "Redirects"
              ],
              "packageName": "typo3/cms-redirects",
              "product": "TYPO3 CMS",
              "repo": "https://github.com/TYPO3/typo3",
              "vendor": "TYPO3",
              "versions": [
                {
                  "lessThan": "10.4.55",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "11.5.49",
                  "status": "affected",
                  "version": "11.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "12.4.41",
                  "status": "affected",
                  "version": "12.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "13.4.23",
                  "status": "affected",
                  "version": "13.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "14.0.2",
                  "status": "affected",
                  "version": "14.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.4.55",
                      "versionStartIncluding": "10.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.5.49",
                      "versionStartIncluding": "11.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "12.4.41",
                      "versionStartIncluding": "12.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "13.4.23",
                      "versionStartIncluding": "13.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "14.0.2",
                      "versionStartIncluding": "14.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "AND"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Georg D\u00fcmmler"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Elias H\u00e4u\u00dfler"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Backend users with access to the redirects module and write permission on the \u003ccode\u003esys_redirect\u003c/code\u003e table were able to read, create, and modify any redirect record without restriction to the user\u2019s own file-mounts or web-mounts. This allowed attackers to insert or alter redirects pointing to arbitrary URLs \u2013 facilitating phishing or other malicious redirect attacks. This issue affects TYPO3 CMS versions 10.0.0-10.4.54, 11.0.0-11.5.48, 12.0.0-12.4.40, 13.0.0-13.4.22 and 14.0.0-14.0.1."
                }
              ],
              "value": "Backend users with access to the redirects module and write permission on the sys_redirect table were able to read, create, and modify any redirect record without restriction to the user\u2019s own file-mounts or web-mounts. This allowed attackers to insert or alter redirects pointing to arbitrary URLs \u2013 facilitating phishing or other malicious redirect attacks. This issue affects TYPO3 CMS versions 10.0.0-10.4.54, 11.0.0-11.5.48, 12.0.0-12.4.40, 13.0.0-13.4.22 and 14.0.0-14.0.1."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-13T11:53:25.879Z",
            "orgId": "f4fb688c-4412-4426-b4b8-421ecf27b14a",
            "shortName": "TYPO3"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://typo3.org/security/advisory/typo3-core-sa-2026-002"
            },
            {
              "name": "Git commit of main branch",
              "tags": [
                "patch"
              ],
              "url": "https://github.com/TYPO3/typo3/commit/8a46abd8993e3a5a31a834dcd6c8f91adef57ce4"
            },
            {
              "name": "Git commit of 13.4 branch",
              "tags": [
                "patch"
              ],
              "url": "https://github.com/TYPO3/typo3/commit/bac370df5c1c3fcf5ebc1c030fbd2bec86d6a686"
            },
            {
              "name": "Git commit of 12.4 branch",
              "tags": [
                "patch"
              ],
              "url": "https://github.com/TYPO3/typo3/commit/fbbae3b9a40d0420207ef7af990cdf1ac0612c0b"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "TYPO3 CMS Allows Broken Access Control in Redirects Module",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f4fb688c-4412-4426-b4b8-421ecf27b14a",
        "assignerShortName": "TYPO3",
        "cveId": "CVE-2025-59021",
        "datePublished": "2026-01-13T11:53:25.879Z",
        "dateReserved": "2025-09-07T19:01:20.436Z",
        "dateUpdated": "2026-01-13T14:44:44.540Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-59020 (GCVE-0-2025-59020)

    Vulnerability from nvd – Published: 2026-01-13 11:53 – Updated: 2026-01-13 16:43
    VLAI
    Title
    TYPO3 CMS Allows Broken Access Control in Edit Document Controller
    Summary
    By exploiting the defVals parameter, attackers could bypass field‑level access checks during record creation in the TYPO3 backend. This gave them the ability to insert arbitrary data into prohibited exclude fields of a database table for which the user already has write permission for a reduced set of fields. This issue affects TYPO3 CMS versions 10.0.0-10.4.54, 11.0.0-11.5.48, 12.0.0-12.4.40, 13.0.0-13.4.22 and 14.0.0-14.0.1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    Impacted products
    Vendor Product Version
    TYPO3 TYPO3 CMS Affected: 10.0.0 , < 10.4.55 (semver)
    Affected: 11.0.0 , < 11.5.49 (semver)
    Affected: 12.0.0 , < 12.4.41 (semver)
    Affected: 13.0.0 , < 13.4.23 (semver)
    Affected: 14.0.0 , < 14.0.2 (semver)
    Credits
    Daniel Windloff Benjamin Franzke

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-59020",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-13T16:42:25.076806Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-13T16:43:00.776Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://packagist.org",
              "defaultStatus": "unaffected",
              "modules": [
                "Backend"
              ],
              "packageName": "typo3/cms-backend",
              "product": "TYPO3 CMS",
              "repo": "https://github.com/TYPO3/typo3",
              "vendor": "TYPO3",
              "versions": [
                {
                  "lessThan": "10.4.55",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "11.5.49",
                  "status": "affected",
                  "version": "11.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "12.4.41",
                  "status": "affected",
                  "version": "12.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "13.4.23",
                  "status": "affected",
                  "version": "13.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "14.0.2",
                  "status": "affected",
                  "version": "14.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.4.55",
                      "versionStartIncluding": "10.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.5.49",
                      "versionStartIncluding": "11.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "12.4.41",
                      "versionStartIncluding": "12.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "13.4.23",
                      "versionStartIncluding": "13.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "14.0.2",
                      "versionStartIncluding": "14.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "AND"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Daniel Windloff"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Benjamin Franzke"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "By exploiting the \u003ccode\u003edefVals\u003c/code\u003e parameter, attackers could bypass field\u2011level access checks during record creation in the TYPO3 backend. This gave them the ability to insert arbitrary data into prohibited exclude fields of a database table for which the user already has write permission for a reduced set of fields. This issue affects TYPO3 CMS versions 10.0.0-10.4.54, 11.0.0-11.5.48, 12.0.0-12.4.40, 13.0.0-13.4.22 and 14.0.0-14.0.1."
                }
              ],
              "value": "By exploiting the defVals parameter, attackers could bypass field\u2011level access checks during record creation in the TYPO3 backend. This gave them the ability to insert arbitrary data into prohibited exclude fields of a database table for which the user already has write permission for a reduced set of fields. This issue affects TYPO3 CMS versions 10.0.0-10.4.54, 11.0.0-11.5.48, 12.0.0-12.4.40, 13.0.0-13.4.22 and 14.0.0-14.0.1."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863 Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-13T11:53:02.274Z",
            "orgId": "f4fb688c-4412-4426-b4b8-421ecf27b14a",
            "shortName": "TYPO3"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://typo3.org/security/advisory/typo3-core-sa-2026-001"
            },
            {
              "name": "Git commit of main branch",
              "tags": [
                "patch"
              ],
              "url": "https://github.com/TYPO3/typo3/commit/ac3f792bd5ab7c58153fc1075cb9e001c9cebe3b"
            },
            {
              "name": "Git commit of 13.4 branch",
              "tags": [
                "patch"
              ],
              "url": "https://github.com/TYPO3/typo3/commit/fb98378a8fd30dd50d89a3d1a420780819f38232"
            },
            {
              "name": "Git commit of 12.4 branch",
              "tags": [
                "patch"
              ],
              "url": "https://github.com/TYPO3/typo3/commit/cd11a19958d823d12d028f9345b41739c7e70118"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "TYPO3 CMS Allows Broken Access Control in Edit Document Controller",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f4fb688c-4412-4426-b4b8-421ecf27b14a",
        "assignerShortName": "TYPO3",
        "cveId": "CVE-2025-59020",
        "datePublished": "2026-01-13T11:53:02.274Z",
        "dateReserved": "2025-09-07T19:01:20.436Z",
        "dateUpdated": "2026-01-13T16:43:00.776Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-59019 (GCVE-0-2025-59019)

    Vulnerability from nvd – Published: 2025-09-09 09:01 – Updated: 2025-09-11 20:44
    Title
    Information Disclosure via CSV Download
    Summary
    Missing authorization checks in the CSV download feature of TYPO3 CMS versions 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑13.4.17 allow backend users to disclose information from arbitrary database tables stored within the users' web mounts without having access to them.
    SSVC
    Exploitation: none · Automatable: no · Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Impacted products
    Vendor: TYPO3 · Product: TYPO3 CMS (typo3/cms-backend) · Affected: 12.0.0, < 12.4.37 (semver); 13.0.0, < 13.4.18 (semver)
    Vendor: TYPO3 · Product: TYPO3 CMS (typo3/cms-recordlist) · Affected: 11.0.0, < 11.5.48 (semver)
    Date Public
    2025-09-09 09:00
    Credits
    Oliver Hader (reporter), Benjamin Franzke (remediation developer)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-59019",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-09T19:29:26.567968Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-09T19:29:34.088Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://packagist.org",
              "defaultStatus": "unaffected",
              "modules": [
                "Backend"
              ],
              "packageName": "typo3/cms-backend",
              "product": "TYPO3 CMS",
              "repo": "https://github.com/TYPO3/typo3",
              "vendor": "TYPO3",
              "versions": [
                {
                  "lessThan": "12.4.37",
                  "status": "affected",
                  "version": "12.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "13.4.18",
                  "status": "affected",
                  "version": "13.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://packagist.org",
              "defaultStatus": "unaffected",
              "modules": [
                "Record List"
              ],
              "packageName": "typo3/cms-recordlist",
              "product": "TYPO3 CMS",
              "repo": "https://github.com/TYPO3/typo3",
              "vendor": "TYPO3",
              "versions": [
                {
                  "lessThan": "11.5.48",
                  "status": "affected",
                  "version": "11.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Oliver Hader"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Benjamin Franzke"
            }
          ],
          "datePublic": "2025-09-09T09:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Missing authorization checks in the CSV download feature of TYPO3 CMS versions 11.0.0\u201111.5.47, 12.0.0\u201112.4.36, and 13.0.0\u201113.4.17 allow backend users to disclose information from arbitrary database tables stored within the users\u0027 web mounts without having access to them."
                }
              ],
              "value": "Missing authorization checks in the CSV download feature of TYPO3 CMS versions 11.0.0\u201111.5.47, 12.0.0\u201112.4.36, and 13.0.0\u201113.4.17 allow backend users to disclose information from arbitrary database tables stored within the users\u0027 web mounts without having access to them."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-11T20:44:40.074Z",
            "orgId": "f4fb688c-4412-4426-b4b8-421ecf27b14a",
            "shortName": "TYPO3"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://typo3.org/security/advisory/typo3-core-sa-2025-023"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Information Disclosure via CSV Download",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f4fb688c-4412-4426-b4b8-421ecf27b14a",
        "assignerShortName": "TYPO3",
        "cveId": "CVE-2025-59019",
        "datePublished": "2025-09-09T09:01:17.787Z",
        "dateReserved": "2025-09-07T19:01:20.436Z",
        "dateUpdated": "2025-09-11T20:44:40.074Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-59018 (GCVE-0-2025-59018)

    Vulnerability from nvd – Published: 2025-09-09 09:01 – Updated: 2025-09-11 20:35
    Title
    Information Disclosure in Workspaces Module
    Summary
    Missing authorization checks in the Workspace Module of TYPO3 CMS versions 9.0.0‑9.5.54, 10.0.0‑10.4.53, 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑13.4.17 allow backend users to directly invoke the corresponding AJAX backend route to disclose sensitive information without having access.
    SSVC
    Exploitation: none · Automatable: no · Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Impacted products
    Vendor: TYPO3 · Product: TYPO3 CMS (typo3/cms-workspaces) · Affected: 9.0.0, < 9.5.55 (semver); 10.0.0, < 10.4.54 (semver); 11.0.0, < 11.5.48 (semver); 12.0.0, < 12.4.37 (semver); 13.0.0, < 13.4.18 (semver)
    Date Public
    2025-09-09 09:00
    Credits
    Oliver Hader (reporter), Oliver Hader (remediation developer)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-59018",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-09T19:29:46.358887Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-09T19:29:53.763Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://packagist.org",
              "defaultStatus": "unaffected",
              "modules": [
                "Workspaces"
              ],
              "packageName": "typo3/cms-workspaces",
              "product": "TYPO3 CMS",
              "repo": "https://github.com/TYPO3/typo3",
              "vendor": "TYPO3",
              "versions": [
                {
                  "lessThan": "9.5.55",
                  "status": "affected",
                  "version": "9.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "10.4.54",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "11.5.48",
                  "status": "affected",
                  "version": "11.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "12.4.37",
                  "status": "affected",
                  "version": "12.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "13.4.18",
                  "status": "affected",
                  "version": "13.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Oliver Hader"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Oliver Hader"
            }
          ],
          "datePublic": "2025-09-09T09:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Missing authorization checks in the Workspace Module of TYPO3 CMS versions 9.0.0\u20119.5.54, 10.0.0\u201110.4.53, 11.0.0\u201111.5.47, 12.0.0\u201112.4.36, and 13.0.0\u201113.4.17 allow backend users to directly invoke the corresponding AJAX backend route to disclose sensitive information without having access."
                }
              ],
              "value": "Missing authorization checks in the Workspace Module of TYPO3 CMS versions 9.0.0\u20119.5.54, 10.0.0\u201110.4.53, 11.0.0\u201111.5.47, 12.0.0\u201112.4.36, and 13.0.0\u201113.4.17 allow backend users to directly invoke the corresponding AJAX backend route to disclose sensitive information without having access."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-11T20:35:36.245Z",
            "orgId": "f4fb688c-4412-4426-b4b8-421ecf27b14a",
            "shortName": "TYPO3"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://typo3.org/security/advisory/typo3-core-sa-2025-022"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Information Disclosure in Workspaces Module",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f4fb688c-4412-4426-b4b8-421ecf27b14a",
        "assignerShortName": "TYPO3",
        "cveId": "CVE-2025-59018",
        "datePublished": "2025-09-09T09:01:10.275Z",
        "dateReserved": "2025-09-07T19:01:20.436Z",
        "dateUpdated": "2025-09-11T20:35:36.245Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-59017 (GCVE-0-2025-59017)

    Vulnerability from nvd – Published: 2025-09-09 09:01 – Updated: 2025-09-09 19:30
    Title
    Broken Access Control in Backend AJAX Routes
    Summary
    Missing authorization checks in the Backend Routing of TYPO3 CMS versions 9.0.0‑9.5.54, 10.0.0‑10.4.53, 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑13.4.17 allow backend users to directly invoke AJAX backend routes without having access to the corresponding backend modules.
    SSVC
    Exploitation: none · Automatable: no · Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-862 - Missing Authorization
    Impacted products
    Vendor: TYPO3 · Product: TYPO3 CMS (typo3/cms-backend, typo3/cms-beuser, typo3/cms-recycler, typo3/cms-workspaces) · Affected: 9.0.0, < 9.5.55 (semver); 10.0.0, < 10.4.54 (semver); 11.0.0, < 11.5.48 (semver); 12.0.0, < 12.4.37 (semver); 13.0.0, < 13.4.18 (semver)
    Vendor: TYPO3 · Product: TYPO3 CMS (typo3/cms-dashboard) · Affected: 10.0.0, < 10.4.54 (semver); 11.0.0, < 11.5.48 (semver); 12.0.0, < 12.4.37 (semver); 13.0.0, < 13.4.18 (semver)
    Date Public
    2025-09-09 09:00
    Credits
    Elias Häußler (reporter), Elias Häußler (remediation developer)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-59017",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-09T19:30:08.547495Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-09T19:30:15.708Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://packagist.org",
              "defaultStatus": "unaffected",
              "modules": [
                "Backend"
              ],
              "packageName": "typo3/cms-backend",
              "product": "TYPO3 CMS",
              "repo": "https://github.com/TYPO3/typo3",
              "vendor": "TYPO3",
              "versions": [
                {
                  "lessThan": "9.5.55",
                  "status": "affected",
                  "version": "9.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "10.4.54",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "11.5.48",
                  "status": "affected",
                  "version": "11.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "12.4.37",
                  "status": "affected",
                  "version": "12.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "13.4.18",
                  "status": "affected",
                  "version": "13.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://packagist.org",
              "defaultStatus": "unaffected",
              "modules": [
                "Backend User"
              ],
              "packageName": "typo3/cms-beuser",
              "product": "TYPO3 CMS",
              "repo": "https://github.com/TYPO3/typo3",
              "vendor": "TYPO3",
              "versions": [
                {
                  "lessThan": "9.5.55",
                  "status": "affected",
                  "version": "9.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "10.4.54",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "11.5.48",
                  "status": "affected",
                  "version": "11.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "12.4.37",
                  "status": "affected",
                  "version": "12.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "13.4.18",
                  "status": "affected",
                  "version": "13.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://packagist.org",
              "defaultStatus": "unaffected",
              "modules": [
                "Dashboard"
              ],
              "packageName": "typo3/cms-dashboard",
              "product": "TYPO3 CMS",
              "repo": "https://github.com/TYPO3/typo3",
              "vendor": "TYPO3",
              "versions": [
                {
                  "lessThan": "10.4.54",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "11.5.48",
                  "status": "affected",
                  "version": "11.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "12.4.37",
                  "status": "affected",
                  "version": "12.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "13.4.18",
                  "status": "affected",
                  "version": "13.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://packagist.org",
              "defaultStatus": "unaffected",
              "modules": [
                "Recycler"
              ],
              "packageName": "typo3/cms-recycler",
              "product": "TYPO3 CMS",
              "repo": "https://github.com/TYPO3/typo3",
              "vendor": "TYPO3",
              "versions": [
                {
                  "lessThan": "9.5.55",
                  "status": "affected",
                  "version": "9.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "10.4.54",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "11.5.48",
                  "status": "affected",
                  "version": "11.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "12.4.37",
                  "status": "affected",
                  "version": "12.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "13.4.18",
                  "status": "affected",
                  "version": "13.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://packagist.org",
              "defaultStatus": "unaffected",
              "modules": [
                "Workspaces"
              ],
              "packageName": "typo3/cms-workspaces",
              "product": "TYPO3 CMS",
              "repo": "https://github.com/TYPO3/typo3",
              "vendor": "TYPO3",
              "versions": [
                {
                  "lessThan": "9.5.55",
                  "status": "affected",
                  "version": "9.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "10.4.54",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "11.5.48",
                  "status": "affected",
                  "version": "11.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "12.4.37",
                  "status": "affected",
                  "version": "12.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "13.4.18",
                  "status": "affected",
                  "version": "13.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Elias H\u00e4u\u00dfler"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Elias H\u00e4u\u00dfler"
            }
          ],
          "datePublic": "2025-09-09T09:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Missing authorization checks in the Backend Routing of TYPO3 CMS versions 9.0.0\u20119.5.54, 10.0.0\u201110.4.53, 11.0.0\u201111.5.47, 12.0.0\u201112.4.36, and 13.0.0\u201113.4.17 allow backend users to directly invoke AJAX backend routes without having access to the corresponding backend modules."
                }
              ],
              "value": "Missing authorization checks in the Backend Routing of TYPO3 CMS versions 9.0.0\u20119.5.54, 10.0.0\u201110.4.53, 11.0.0\u201111.5.47, 12.0.0\u201112.4.36, and 13.0.0\u201113.4.17 allow backend users to directly invoke AJAX backend routes without having access to the corresponding backend modules."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-09T09:01:03.951Z",
            "orgId": "f4fb688c-4412-4426-b4b8-421ecf27b14a",
            "shortName": "TYPO3"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://typo3.org/security/advisory/typo3-core-sa-2025-021"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Broken Access Control in Backend AJAX Routes",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f4fb688c-4412-4426-b4b8-421ecf27b14a",
        "assignerShortName": "TYPO3",
        "cveId": "CVE-2025-59017",
        "datePublished": "2025-09-09T09:01:03.951Z",
        "dateReserved": "2025-09-07T19:01:20.436Z",
        "dateUpdated": "2025-09-09T19:30:15.708Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-59016 (GCVE-0-2025-59016)

    Vulnerability from nvd – Published: 2025-09-09 09:00 – Updated: 2025-09-09 19:30
    Title
    Information Disclosure via File Abstraction Layer
    Summary
    Error messages containing sensitive information in the File Abstraction Layer in TYPO3 CMS versions 9.0.0-9.5.54, 10.0.0-10.4.53, 11.0.0-11.5.47, 12.0.0-12.4.36, and 13.0.0-13.4.17 allow backend users to disclose full file paths via failed low-level file-system operations.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-209 - Generation of Error Message Containing Sensitive Information
    Assigner
    References
    Impacted products
    Vendor Product Version
    TYPO3 TYPO3 CMS Affected: 9.0.0 , < 9.5.55 (semver)
    Affected: 10.0.0 , < 10.4.54 (semver)
    Affected: 11.0.0 , < 11.5.48 (semver)
    Affected: 12.0.0 , < 12.4.37 (semver)
    Affected: 13.0.0 , < 13.4.18 (semver)
    Date Public
    2025-09-09 09:00
    Credits
    Dmitry Petschke Marc Willmann Andreas Kienast

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-59016",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-09T19:30:29.461750Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-09T19:30:37.493Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://packagist.org",
              "defaultStatus": "unaffected",
              "modules": [
                "Core"
              ],
              "packageName": "typo3/cms-core",
              "product": "TYPO3 CMS",
              "repo": "https://github.com/TYPO3/typo3",
              "vendor": "TYPO3",
              "versions": [
                {
                  "lessThan": "9.5.55",
                  "status": "affected",
                  "version": "9.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "10.4.54",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "11.5.48",
                  "status": "affected",
                  "version": "11.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "12.4.37",
                  "status": "affected",
                  "version": "12.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "13.4.18",
                  "status": "affected",
                  "version": "13.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Dmitry Petschke"
            },
            {
              "lang": "en",
              "type": "reporter",
              "value": "Marc Willmann"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Andreas Kienast"
            }
          ],
          "datePublic": "2025-09-09T09:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Error messages containing sensitive information in the File Abstraction Layer in TYPO3 CMS versions 9.0.0-9.5.54, 10.0.0-10.4.53, 11.0.0-11.5.47, 12.0.0-12.4.36, and 13.0.0-13.4.17 allow backend users to disclose full file paths via failed low-level file-system operations."
                }
              ],
              "value": "Error messages containing sensitive information in the File Abstraction Layer in TYPO3 CMS versions 9.0.0-9.5.54, 10.0.0-10.4.53, 11.0.0-11.5.47, 12.0.0-12.4.36, and 13.0.0-13.4.17 allow backend users to disclose full file paths via failed low-level file-system operations."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-209",
                  "description": "CWE-209 Generation of Error Message Containing Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-09T09:00:55.985Z",
            "orgId": "f4fb688c-4412-4426-b4b8-421ecf27b14a",
            "shortName": "TYPO3"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://typo3.org/security/advisory/typo3-core-sa-2025-020"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Information Disclosure via File Abstraction Layer",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f4fb688c-4412-4426-b4b8-421ecf27b14a",
        "assignerShortName": "TYPO3",
        "cveId": "CVE-2025-59016",
        "datePublished": "2025-09-09T09:00:55.985Z",
        "dateReserved": "2025-09-07T19:01:20.436Z",
        "dateUpdated": "2025-09-09T19:30:37.493Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-59015 (GCVE-0-2025-59015)

    Vulnerability from nvd – Published: 2025-09-09 09:00 – Updated: 2025-09-09 19:31
    Title
    Insufficient Entropy in Password Generation
    Summary
    A deterministic three‑character prefix in the Password Generation component of TYPO3 CMS versions 12.0.0–12.4.36 and 13.0.0–13.4.17 reduces entropy, allowing attackers to carry out brute‑force attacks more quickly.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    TYPO3 TYPO3 CMS Affected: 12.0.0 , < 12.4.37 (semver)
    Affected: 13.0.0 , < 13.4.18 (semver)
    Date Public
    2025-09-09 09:00
    Credits
    Mathias Brodala Oliver Hader

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-59015",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-09T19:31:01.239247Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-09T19:31:09.254Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://packagist.org",
              "defaultStatus": "unaffected",
              "modules": [
                "Core"
              ],
              "packageName": "typo3/cms-core",
              "product": "TYPO3 CMS",
              "repo": "https://github.com/TYPO3/typo3",
              "vendor": "TYPO3",
              "versions": [
                {
                  "lessThan": "12.4.37",
                  "status": "affected",
                  "version": "12.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "13.4.18",
                  "status": "affected",
                  "version": "13.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Mathias Brodala"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Oliver Hader"
            }
          ],
          "datePublic": "2025-09-09T09:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A deterministic three\u2011character prefix in the Password Generation component of TYPO3 CMS versions 12.0.0\u201312.4.36 and 13.0.0\u201313.4.17 reduces entropy, allowing attackers to carry out brute\u2011force attacks more quickly."
                }
              ],
              "value": "A deterministic three\u2011character prefix in the Password Generation component of TYPO3 CMS versions 12.0.0\u201312.4.36 and 13.0.0\u201313.4.17 reduces entropy, allowing attackers to carry out brute\u2011force attacks more quickly."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-331",
                  "description": "CWE-331 Insufficient Entropy",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-09T09:00:48.801Z",
            "orgId": "f4fb688c-4412-4426-b4b8-421ecf27b14a",
            "shortName": "TYPO3"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://typo3.org/security/advisory/typo3-core-sa-2025-019"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Insufficient Entropy in Password Generation",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f4fb688c-4412-4426-b4b8-421ecf27b14a",
        "assignerShortName": "TYPO3",
        "cveId": "CVE-2025-59015",
        "datePublished": "2025-09-09T09:00:48.801Z",
        "dateReserved": "2025-09-07T19:01:20.436Z",
        "dateUpdated": "2025-09-09T19:31:09.254Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-59014 (GCVE-0-2025-59014)

    Vulnerability from nvd – Published: 2025-09-09 09:00 – Updated: 2025-09-09 19:31
    Title
    Denial of Service in TYPO3 Bookmark Toolbar
    Summary
    An uncaught exception in the Bookmark Toolbar of TYPO3 CMS versions 11.0.0–11.5.47, 12.0.0–12.4.36, and 13.0.0–13.4.17 lets administrator‑level backend users trigger a denial‑of‑service condition in the backend user interface by saving manipulated data in the bookmark toolbar.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    TYPO3 TYPO3 CMS Affected: 11.0.0 , < 11.5.48 (semver)
    Affected: 12.0.0 , < 12.4.37 (semver)
    Affected: 13.0.0 , < 13.4.18 (semver)
    Date Public
    2025-09-09 09:00
    Credits
    Jakub Świes Oliver Hader

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-59014",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-09T19:31:24.905016Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-09T19:31:32.972Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://packagist.org",
              "defaultStatus": "unaffected",
              "modules": [
                "Backend"
              ],
              "packageName": "typo3/cms-backend",
              "product": "TYPO3 CMS",
              "repo": "https://github.com/TYPO3/typo3",
              "vendor": "TYPO3",
              "versions": [
                {
                  "lessThan": "11.5.48",
                  "status": "affected",
                  "version": "11.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "12.4.37",
                  "status": "affected",
                  "version": "12.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "13.4.18",
                  "status": "affected",
                  "version": "13.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Jakub \u015awies"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Oliver Hader"
            }
          ],
          "datePublic": "2025-09-09T09:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An uncaught exception in the Bookmark Toolbar of TYPO3 CMS versions 11.0.0\u201311.5.47, 12.0.0\u201312.4.36, and 13.0.0\u201313.4.17 lets administrator\u2011level backend users trigger a denial\u2011of\u2011service condition in the backend user interface by saving manipulated data in the bookmark toolbar."
                }
              ],
              "value": "An uncaught exception in the Bookmark Toolbar of TYPO3 CMS versions 11.0.0\u201311.5.47, 12.0.0\u201312.4.36, and 13.0.0\u201313.4.17 lets administrator\u2011level backend users trigger a denial\u2011of\u2011service condition in the backend user interface by saving manipulated data in the bookmark toolbar."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "HIGH",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-248",
                  "description": "CWE-248",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-09T09:00:38.664Z",
            "orgId": "f4fb688c-4412-4426-b4b8-421ecf27b14a",
            "shortName": "TYPO3"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://typo3.org/security/advisory/typo3-core-sa-2025-018"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Denial of Service in TYPO3 Bookmark Toolbar",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f4fb688c-4412-4426-b4b8-421ecf27b14a",
        "assignerShortName": "TYPO3",
        "cveId": "CVE-2025-59014",
        "datePublished": "2025-09-09T09:00:38.664Z",
        "dateReserved": "2025-09-07T19:01:20.435Z",
        "dateUpdated": "2025-09-09T19:31:32.972Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-59013 (GCVE-0-2025-59013)

    Vulnerability from nvd – Published: 2025-09-09 09:00 – Updated: 2025-09-09 19:31
    Title
    Open Redirect in TYPO3 CMS
    Summary
    An open‑redirect vulnerability in GeneralUtility::sanitizeLocalUrl of TYPO3 CMS 9.0.0–9.5.54, 10.0.0–10.4.53, 11.0.0–11.5.47, 12.0.0–12.4.36, and 13.0.0–13.4.17 allows an attacker to redirect users to arbitrary external sites, enabling phishing attacks by supplying a manipulated, sanitized URL.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
    Assigner
    References
    Impacted products
    Vendor Product Version
    TYPO3 TYPO3 CMS Affected: 9.0.0 , < 9.5.55 (semver)
    Affected: 10.0.0 , < 10.4.54 (semver)
    Affected: 11.0.0 , < 11.5.48 (semver)
    Affected: 12.0.0 , < 12.4.37 (semver)
    Affected: 13.0.0 , < 13.4.18 (semver)
    Date Public
    2025-09-09 09:00
    Credits
    Oliver Hader Benjamin Franzke

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-59013",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-09T19:31:48.748993Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-09T19:31:56.794Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://packagist.org",
              "defaultStatus": "unaffected",
              "modules": [
                "Core"
              ],
              "packageName": "typo3/cms-core",
              "product": "TYPO3 CMS",
              "repo": "https://github.com/TYPO3/typo3",
              "vendor": "TYPO3",
              "versions": [
                {
                  "lessThan": "9.5.55",
                  "status": "affected",
                  "version": "9.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "10.4.54",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "11.5.48",
                  "status": "affected",
                  "version": "11.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "12.4.37",
                  "status": "affected",
                  "version": "12.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "13.4.18",
                  "status": "affected",
                  "version": "13.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Oliver Hader"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Benjamin Franzke"
            }
          ],
          "datePublic": "2025-09-09T09:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An open\u2011redirect vulnerability in \u003ccode\u003eGeneralUtility::sanitizeLocalUrl\u003c/code\u003e of TYPO3 CMS 9.0.0\u20139.5.54, 10.0.0\u201310.4.53, 11.0.0\u201311.5.47, 12.0.0\u201312.4.36, and 13.0.0\u201313.4.17 allows an attacker to redirect users to arbitrary external sites, enabling phishing attacks by supplying a manipulated, sanitized URL."
                }
              ],
              "value": "An open\u2011redirect vulnerability in GeneralUtility::sanitizeLocalUrl of TYPO3 CMS 9.0.0\u20139.5.54, 10.0.0\u201310.4.53, 11.0.0\u201311.5.47, 12.0.0\u201312.4.36, and 13.0.0\u201313.4.17 allows an attacker to redirect users to arbitrary external sites, enabling phishing attacks by supplying a manipulated, sanitized URL."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "LOW",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-601",
                  "description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-09T09:00:23.176Z",
            "orgId": "f4fb688c-4412-4426-b4b8-421ecf27b14a",
            "shortName": "TYPO3"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://typo3.org/security/advisory/typo3-core-sa-2025-017"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Open Redirect in TYPO3 CMS",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f4fb688c-4412-4426-b4b8-421ecf27b14a",
        "assignerShortName": "TYPO3",
        "cveId": "CVE-2025-59013",
        "datePublished": "2025-09-09T09:00:23.176Z",
        "dateReserved": "2025-09-07T19:01:20.435Z",
        "dateUpdated": "2025-09-09T19:31:56.794Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-7900 (GCVE-0-2025-7900)

    Vulnerability from nvd – Published: 2025-07-22 10:21 – Updated: 2025-07-22 14:17
    Title
    Insecure Direct Object Reference in extension "femanager" (femanager)
    Summary
    The femanager extension for TYPO3 allows Insecure Direct Object Reference resulting in unauthorized modification of userdata. This issue affects femanager version 6.4.1 and below, 7.0.0 to 7.5.2 and 8.0.0 to 8.3.0
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-639 - Authorization Bypass Through User-Controlled Key
    Assigner
    Impacted products
    Vendor Product Version
    TYPO3 Extension "femanager" Affected: 8.0.0 , ≤ 8.3.0 (semver)
    Affected: 7.0.0 , ≤ 7.5.2 (semver)
    Affected: 0 , ≤ 6.4.1 (semver)
    Date Public
    2025-07-22 08:00
    Credits
    Alexander Freundlieb

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-7900",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-22T14:11:59.841789Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-22T14:17:04.005Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://packagist.org/",
              "defaultStatus": "unaffected",
              "packageName": "in2code/femanager",
              "product": "Extension \"femanager\"",
              "repo": "https://github.com/in2code-de/femanager",
              "vendor": "TYPO3",
              "versions": [
                {
                  "lessThanOrEqual": "8.3.0",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.5.2",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Alexander Freundlieb"
            }
          ],
          "datePublic": "2025-07-22T08:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003eThe femanager extension for TYPO3 allows Insecure Direct Object Reference resulting in unauthorized modification of userdata. This issue affects femanager version \u003cspan style=\"background-color: transparent;\"\u003e6.4.1 and below, 7.0.0 to 7.5.2 and 8.0.0 to 8.3.0\u003c/span\u003e\u003c/div\u003e"
                }
              ],
              "value": "The femanager extension for TYPO3 allows Insecure Direct Object Reference resulting in unauthorized modification of userdata. This issue affects femanager version 6.4.1 and below, 7.0.0 to 7.5.2 and 8.0.0 to 8.3.0"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-137",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-137 Parameter Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "CWE-639 Authorization Bypass Through User-Controlled Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-22T10:21:32.123Z",
            "orgId": "f4fb688c-4412-4426-b4b8-421ecf27b14a",
            "shortName": "TYPO3"
          },
          "references": [
            {
              "url": "https://typo3.org/security/advisory/typo3-ext-sa-2025-010"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Insecure Direct Object Reference in extension \"femanager\" (femanager)",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f4fb688c-4412-4426-b4b8-421ecf27b14a",
        "assignerShortName": "TYPO3",
        "cveId": "CVE-2025-7900",
        "datePublished": "2025-07-22T10:21:32.123Z",
        "dateReserved": "2025-07-19T12:40:19.076Z",
        "dateUpdated": "2025-07-22T14:17:04.005Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-6553 (GCVE-0-2026-6553)

    Vulnerability from cvelistv5 – Published: 2026-04-21 10:04 – Updated: 2026-04-21 13:20
    Title
    TYPO3 CMS Stores Cleartext Password in User Settings Module
    Summary
    Changing backend users' passwords via the user settings module results in storing the cleartext password in the uc and user_settings fields of the be_users database table. This issue affects TYPO3 CMS version 14.2.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-312 - Cleartext storage of sensitive information
    Assigner
    Impacted products
    Vendor Product Version
    TYPO3 TYPO3 CMS Affected: 14.2.0 , < 14.3.0 (semver)
    Credits
    Martin Clewing, Garvin Hicking, Stefan Bürk, Oliver Hader

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-6553",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-21T13:20:11.733627Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-21T13:20:23.515Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://packagist.org",
              "defaultStatus": "unaffected",
              "packageName": "typo3/cms-backend",
              "product": "TYPO3 CMS",
              "repo": "https://github.com/TYPO3/typo3",
              "vendor": "TYPO3",
              "versions": [
                {
                  "lessThan": "14.3.0",
                  "status": "affected",
                  "version": "14.2.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "14.3.0",
                      "versionStartIncluding": "14.2.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Martin Clewing"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Garvin Hicking"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Stefan B\u00fcrk"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Oliver Hader"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Changing backend users\u0027 passwords via the user settings module results in storing the cleartext password in the \u003ccode\u003euc\u003c/code\u003e and \u003ccode\u003euser_settings\u003c/code\u003e fields of the \u003ccode\u003ebe_users\u003c/code\u003e database table. This issue affects TYPO3 CMS version 14.2.0."
                }
              ],
              "value": "Changing backend users\u0027 passwords via the user settings module results in storing the cleartext password in the uc and user_settings fields of the be_users database table. This issue affects TYPO3 CMS version 14.2.0."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-312",
                  "description": "CWE-312 Cleartext storage of sensitive information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-21T10:08:27.342Z",
            "orgId": "f4fb688c-4412-4426-b4b8-421ecf27b14a",
            "shortName": "TYPO3"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://typo3.org/security/advisory/typo3-core-sa-2026-005"
            },
            {
              "name": "Git commit of main branch",
              "tags": [
                "patch"
              ],
              "url": "https://github.com/TYPO3/typo3/commit/9a6e913f70767f63b322ae3e2d2f4e302624c291"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "TYPO3 CMS Stores Cleartext Password in User Settings Module",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f4fb688c-4412-4426-b4b8-421ecf27b14a",
        "assignerShortName": "TYPO3",
        "cveId": "CVE-2026-6553",
        "datePublished": "2026-04-21T10:04:02.525Z",
        "dateReserved": "2026-04-17T21:40:53.165Z",
        "dateUpdated": "2026-04-21T13:20:23.515Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0859 (GCVE-0-2026-0859)

    Vulnerability from cvelistv5 – Published: 2026-01-13 11:54 – Updated: 2026-01-13 14:12
    Title
    TYPO3 CMS Allows Insecure Deserialization via Mailer File Spool
    Summary
    TYPO3's mail‑file spool deserialization flaw lets local users with write access to the spool directory craft a malicious file that is deserialized during the mailer:spool:send command, enabling arbitrary PHP code execution on the web server. This issue affects TYPO3 CMS versions 10.0.0-10.4.54, 11.0.0-11.5.48, 12.0.0-12.4.40, 13.0.0-13.4.22 and 14.0.0-14.0.1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Impacted products
    Vendor Product Version
    TYPO3 TYPO3 CMS Affected: 10.0.0 , < 10.4.55 (semver)
    Affected: 11.0.0 , < 11.5.49 (semver)
    Affected: 12.0.0 , < 12.4.41 (semver)
    Affected: 13.0.0 , < 13.4.23 (semver)
    Affected: 14.0.0 , < 14.0.2 (semver)
    Credits
    Vitaly Simonovich, Elias Häußler, Oliver Hader

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0859",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-13T14:11:54.124321Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-13T14:12:12.132Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://packagist.org",
              "defaultStatus": "unaffected",
              "modules": [
                "Core"
              ],
              "packageName": "typo3/cms-core",
              "product": "TYPO3 CMS",
              "repo": "https://github.com/TYPO3/typo3",
              "vendor": "TYPO3",
              "versions": [
                {
                  "lessThan": "10.4.55",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "11.5.49",
                  "status": "affected",
                  "version": "11.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "12.4.41",
                  "status": "affected",
                  "version": "12.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "13.4.23",
                  "status": "affected",
                  "version": "13.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "14.0.2",
                  "status": "affected",
                  "version": "14.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.4.55",
                      "versionStartIncluding": "10.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.5.49",
                      "versionStartIncluding": "11.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "12.4.41",
                      "versionStartIncluding": "12.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "13.4.23",
                      "versionStartIncluding": "13.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "14.0.2",
                      "versionStartIncluding": "14.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Vitaly Simonovich"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Elias H\u00e4u\u00dfler"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Oliver Hader"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "TYPO3\u0027s mail\u2011file spool deserialization flaw lets local users with write access to the spool directory craft a malicious file that is deserialized during the \u003ccode\u003emailer:spool:send\u003c/code\u003e command, enabling arbitrary PHP code execution on the web server. This issue affects TYPO3 CMS versions 10.0.0-10.4.54, 11.0.0-11.5.48, 12.0.0-12.4.40, 13.0.0-13.4.22 and 14.0.0-14.0.1."
                }
              ],
              "value": "TYPO3\u0027s mail\u2011file spool deserialization flaw lets local users with write access to the spool directory craft a malicious file that is deserialized during the mailer:spool:send command, enabling arbitrary PHP code execution on the web server. This issue affects TYPO3 CMS versions 10.0.0-10.4.54, 11.0.0-11.5.48, 12.0.0-12.4.40, 13.0.0-13.4.22 and 14.0.0-14.0.1."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 5.2,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502 Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-13T11:54:25.069Z",
            "orgId": "f4fb688c-4412-4426-b4b8-421ecf27b14a",
            "shortName": "TYPO3"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://typo3.org/security/advisory/typo3-core-sa-2026-004"
            },
            {
              "name": "Git commit of main branch",
              "tags": [
                "patch"
              ],
              "url": "https://github.com/TYPO3/typo3/commit/3225d705080a1bde57a66689621c947da5a4782f"
            },
            {
              "name": "Git commit of 13.4 branch",
              "tags": [
                "patch"
              ],
              "url": "https://github.com/TYPO3/typo3/commit/e0f0ceee480c203fbb60b87454f5f193e541d27f"
            },
            {
              "name": "Git commit of 12.4 branch",
              "tags": [
                "patch"
              ],
              "url": "https://github.com/TYPO3/typo3/commit/722bf71c118b0a8e4f2c2494854437d846799a13"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "TYPO3 CMS Allows Insecure Deserialization via Mailer File Spool",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f4fb688c-4412-4426-b4b8-421ecf27b14a",
        "assignerShortName": "TYPO3",
        "cveId": "CVE-2026-0859",
        "datePublished": "2026-01-13T11:54:11.494Z",
        "dateReserved": "2026-01-12T11:25:46.041Z",
        "dateUpdated": "2026-01-13T14:12:12.132Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-59022 (GCVE-0-2025-59022)

    Vulnerability from cvelistv5 – Published: 2026-01-13 11:53 – Updated: 2026-01-13 14:21
    Title
    TYPO3 CMS Allows Broken Access Control in Recycler Module
    Summary
    Backend users who had access to the recycler module could delete arbitrary data from any database table defined in the TCA - regardless of whether they had permission to that particular table. This allowed attackers to purge and destroy critical site data, effectively rendering the website unavailable. This issue affects TYPO3 CMS versions 10.0.0-10.4.54, 11.0.0-11.5.48, 12.0.0-12.4.40, 13.0.0-13.4.22 and 14.0.0-14.0.1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    TYPO3 TYPO3 CMS Affected: 10.0.0 , < 10.4.55 (semver)
    Affected: 11.0.0 , < 11.5.49 (semver)
    Affected: 12.0.0 , < 12.4.41 (semver)
    Affected: 13.0.0 , < 13.4.23 (semver)
    Affected: 14.0.0 , < 14.0.2 (semver)
    Credits
    Sven Jürgens, Daniel Windloff, Elias Häußler

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-59022",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-13T14:19:35.396050Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-13T14:21:59.794Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://packagist.org",
              "defaultStatus": "unaffected",
              "modules": [
                "Recycler"
              ],
              "packageName": "typo3/cms-recycler",
              "product": "TYPO3 CMS",
              "repo": "https://github.com/TYPO3/typo3",
              "vendor": "TYPO3",
              "versions": [
                {
                  "lessThan": "10.4.55",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "11.5.49",
                  "status": "affected",
                  "version": "11.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "12.4.41",
                  "status": "affected",
                  "version": "12.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "13.4.23",
                  "status": "affected",
                  "version": "13.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "14.0.2",
                  "status": "affected",
                  "version": "14.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.4.55",
                      "versionStartIncluding": "10.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.5.49",
                      "versionStartIncluding": "11.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "12.4.41",
                      "versionStartIncluding": "12.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "13.4.23",
                      "versionStartIncluding": "13.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "14.0.2",
                      "versionStartIncluding": "14.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "AND"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Sven J\u00fcrgens"
            },
            {
              "lang": "en",
              "type": "reporter",
              "value": "Daniel Windloff"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Elias H\u00e4u\u00dfler"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Backend users who had access to the recycler module could delete arbitrary data from any database table defined in the \u003ccode\u003eTCA\u003c/code\u003e - regardless of whether they had permission to that particular table. This allowed attackers to purge and destroy critical site data, effectively rendering the website unavailable. This issue affects TYPO3 CMS versions 10.0.0-10.4.54, 11.0.0-11.5.48, 12.0.0-12.4.40, 13.0.0-13.4.22 and 14.0.0-14.0.1."
                }
              ],
              "value": "Backend users who had access to the recycler module could delete arbitrary data from any database table defined in the TCA - regardless of whether they had permission to that particular table. This allowed attackers to purge and destroy critical site data, effectively rendering the website unavailable. This issue affects TYPO3 CMS versions 10.0.0-10.4.54, 11.0.0-11.5.48, 12.0.0-12.4.40, 13.0.0-13.4.22 and 14.0.0-14.0.1."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-13T11:53:45.184Z",
            "orgId": "f4fb688c-4412-4426-b4b8-421ecf27b14a",
            "shortName": "TYPO3"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://typo3.org/security/advisory/typo3-core-sa-2026-003"
            },
            {
              "name": "Git commit of main branch",
              "tags": [
                "patch"
              ],
              "url": "https://github.com/TYPO3/typo3/commit/336d6f165458a0ce32d8330999ab9ab6a5983d20"
            },
            {
              "name": "Git commit of 13.4 branch",
              "tags": [
                "patch"
              ],
              "url": "https://github.com/TYPO3/typo3/commit/efb9528f9882ac924c40598ebd8508479e9950a3"
            },
            {
              "name": "Git commit of 12.4 branch",
              "tags": [
                "patch"
              ],
              "url": "https://github.com/TYPO3/typo3/commit/a6604db66499710f72ae6e7006beb14ad0913aae"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "TYPO3 CMS Allows Broken Access Control in Recycler Module",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f4fb688c-4412-4426-b4b8-421ecf27b14a",
        "assignerShortName": "TYPO3",
        "cveId": "CVE-2025-59022",
        "datePublished": "2026-01-13T11:53:45.184Z",
        "dateReserved": "2025-09-07T19:01:20.436Z",
        "dateUpdated": "2026-01-13T14:21:59.794Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-59021 (GCVE-0-2025-59021)

    Vulnerability from cvelistv5 – Published: 2026-01-13 11:53 – Updated: 2026-01-13 14:44
    Title
    TYPO3 CMS Allows Broken Access Control in Redirects Module
    Summary
    Backend users with access to the redirects module and write permission on the sys_redirect table were able to read, create, and modify any redirect record without restriction to the user’s own file-mounts or web-mounts. This allowed attackers to insert or alter redirects pointing to arbitrary URLs – facilitating phishing or other malicious redirect attacks. This issue affects TYPO3 CMS versions 10.0.0-10.4.54, 11.0.0-11.5.48, 12.0.0-12.4.40, 13.0.0-13.4.22 and 14.0.0-14.0.1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Impacted products
    Vendor Product Version
    TYPO3 TYPO3 CMS Affected: 10.0.0 , < 10.4.55 (semver)
    Affected: 11.0.0 , < 11.5.49 (semver)
    Affected: 12.0.0 , < 12.4.41 (semver)
    Affected: 13.0.0 , < 13.4.23 (semver)
    Affected: 14.0.0 , < 14.0.2 (semver)
    Credits
    Georg Dümmler (reporter), Elias Häußler (remediation developer)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-59021",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-13T14:44:34.339533Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-13T14:44:44.540Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://packagist.org",
              "defaultStatus": "unaffected",
              "modules": [
                "Redirects"
              ],
              "packageName": "typo3/cms-redirects",
              "product": "TYPO3 CMS",
              "repo": "https://github.com/TYPO3/typo3",
              "vendor": "TYPO3",
              "versions": [
                {
                  "lessThan": "10.4.55",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "11.5.49",
                  "status": "affected",
                  "version": "11.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "12.4.41",
                  "status": "affected",
                  "version": "12.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "13.4.23",
                  "status": "affected",
                  "version": "13.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "14.0.2",
                  "status": "affected",
                  "version": "14.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.4.55",
                      "versionStartIncluding": "10.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.5.49",
                      "versionStartIncluding": "11.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "12.4.41",
                      "versionStartIncluding": "12.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "13.4.23",
                      "versionStartIncluding": "13.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "14.0.2",
                      "versionStartIncluding": "14.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "AND"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Georg D\u00fcmmler"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Elias H\u00e4u\u00dfler"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Backend users with access to the redirects module and write permission on the \u003ccode\u003esys_redirect\u003c/code\u003e table were able to read, create, and modify any redirect record without restriction to the user\u2019s own file-mounts or web-mounts. This allowed attackers to insert or alter redirects pointing to arbitrary URLs \u2013 facilitating phishing or other malicious redirect attacks. This issue affects TYPO3 CMS versions 10.0.0-10.4.54, 11.0.0-11.5.48, 12.0.0-12.4.40, 13.0.0-13.4.22 and 14.0.0-14.0.1."
                }
              ],
              "value": "Backend users with access to the redirects module and write permission on the sys_redirect table were able to read, create, and modify any redirect record without restriction to the user\u2019s own file-mounts or web-mounts. This allowed attackers to insert or alter redirects pointing to arbitrary URLs \u2013 facilitating phishing or other malicious redirect attacks. This issue affects TYPO3 CMS versions 10.0.0-10.4.54, 11.0.0-11.5.48, 12.0.0-12.4.40, 13.0.0-13.4.22 and 14.0.0-14.0.1."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-13T11:53:25.879Z",
            "orgId": "f4fb688c-4412-4426-b4b8-421ecf27b14a",
            "shortName": "TYPO3"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://typo3.org/security/advisory/typo3-core-sa-2026-002"
            },
            {
              "name": "Git commit of main branch",
              "tags": [
                "patch"
              ],
              "url": "https://github.com/TYPO3/typo3/commit/8a46abd8993e3a5a31a834dcd6c8f91adef57ce4"
            },
            {
              "name": "Git commit of 13.4 branch",
              "tags": [
                "patch"
              ],
              "url": "https://github.com/TYPO3/typo3/commit/bac370df5c1c3fcf5ebc1c030fbd2bec86d6a686"
            },
            {
              "name": "Git commit of 12.4 branch",
              "tags": [
                "patch"
              ],
              "url": "https://github.com/TYPO3/typo3/commit/fbbae3b9a40d0420207ef7af990cdf1ac0612c0b"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "TYPO3 CMS Allows Broken Access Control in Redirects Module",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f4fb688c-4412-4426-b4b8-421ecf27b14a",
        "assignerShortName": "TYPO3",
        "cveId": "CVE-2025-59021",
        "datePublished": "2026-01-13T11:53:25.879Z",
        "dateReserved": "2025-09-07T19:01:20.436Z",
        "dateUpdated": "2026-01-13T14:44:44.540Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-59020 (GCVE-0-2025-59020)

    Vulnerability from cvelistv5 – Published: 2026-01-13 11:53 – Updated: 2026-01-13 16:43
    Title
    TYPO3 CMS Allows Broken Access Control in Edit Document Controller
    Summary
    By exploiting the defVals parameter, attackers could bypass field‑level access checks during record creation in the TYPO3 backend. This gave them the ability to insert arbitrary data into prohibited exclude fields of a database table for which the user already has write permission for a reduced set of fields. This issue affects TYPO3 CMS versions 10.0.0-10.4.54, 11.0.0-11.5.48, 12.0.0-12.4.40, 13.0.0-13.4.22 and 14.0.0-14.0.1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Impacted products
    Vendor Product Version
    TYPO3 TYPO3 CMS Affected: 10.0.0 , < 10.4.55 (semver)
    Affected: 11.0.0 , < 11.5.49 (semver)
    Affected: 12.0.0 , < 12.4.41 (semver)
    Affected: 13.0.0 , < 13.4.23 (semver)
    Affected: 14.0.0 , < 14.0.2 (semver)
    Credits
    Daniel Windloff (reporter), Benjamin Franzke (remediation developer)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-59020",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-13T16:42:25.076806Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-13T16:43:00.776Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://packagist.org",
              "defaultStatus": "unaffected",
              "modules": [
                "Backend"
              ],
              "packageName": "typo3/cms-backend",
              "product": "TYPO3 CMS",
              "repo": "https://github.com/TYPO3/typo3",
              "vendor": "TYPO3",
              "versions": [
                {
                  "lessThan": "10.4.55",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "11.5.49",
                  "status": "affected",
                  "version": "11.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "12.4.41",
                  "status": "affected",
                  "version": "12.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "13.4.23",
                  "status": "affected",
                  "version": "13.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "14.0.2",
                  "status": "affected",
                  "version": "14.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.4.55",
                      "versionStartIncluding": "10.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.5.49",
                      "versionStartIncluding": "11.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "12.4.41",
                      "versionStartIncluding": "12.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "13.4.23",
                      "versionStartIncluding": "13.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "14.0.2",
                      "versionStartIncluding": "14.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "AND"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Daniel Windloff"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Benjamin Franzke"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "By exploiting the \u003ccode\u003edefVals\u003c/code\u003e parameter, attackers could bypass field\u2011level access checks during record creation in the TYPO3 backend. This gave them the ability to insert arbitrary data into prohibited exclude fields of a database table for which the user already has write permission for a reduced set of fields. This issue affects TYPO3 CMS versions 10.0.0-10.4.54, 11.0.0-11.5.48, 12.0.0-12.4.40, 13.0.0-13.4.22 and 14.0.0-14.0.1."
                }
              ],
              "value": "By exploiting the defVals parameter, attackers could bypass field\u2011level access checks during record creation in the TYPO3 backend. This gave them the ability to insert arbitrary data into prohibited exclude fields of a database table for which the user already has write permission for a reduced set of fields. This issue affects TYPO3 CMS versions 10.0.0-10.4.54, 11.0.0-11.5.48, 12.0.0-12.4.40, 13.0.0-13.4.22 and 14.0.0-14.0.1."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863 Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-13T11:53:02.274Z",
            "orgId": "f4fb688c-4412-4426-b4b8-421ecf27b14a",
            "shortName": "TYPO3"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://typo3.org/security/advisory/typo3-core-sa-2026-001"
            },
            {
              "name": "Git commit of main branch",
              "tags": [
                "patch"
              ],
              "url": "https://github.com/TYPO3/typo3/commit/ac3f792bd5ab7c58153fc1075cb9e001c9cebe3b"
            },
            {
              "name": "Git commit of 13.4 branch",
              "tags": [
                "patch"
              ],
              "url": "https://github.com/TYPO3/typo3/commit/fb98378a8fd30dd50d89a3d1a420780819f38232"
            },
            {
              "name": "Git commit of 12.4 branch",
              "tags": [
                "patch"
              ],
              "url": "https://github.com/TYPO3/typo3/commit/cd11a19958d823d12d028f9345b41739c7e70118"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "TYPO3 CMS Allows Broken Access Control in Edit Document Controller",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f4fb688c-4412-4426-b4b8-421ecf27b14a",
        "assignerShortName": "TYPO3",
        "cveId": "CVE-2025-59020",
        "datePublished": "2026-01-13T11:53:02.274Z",
        "dateReserved": "2025-09-07T19:01:20.436Z",
        "dateUpdated": "2026-01-13T16:43:00.776Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-59019 (GCVE-0-2025-59019)

    Vulnerability from cvelistv5 – Published: 2025-09-09 09:01 – Updated: 2025-09-11 20:44
    Title
    Information Disclosure via CSV Download
    Summary
    Missing authorization checks in the CSV download feature of TYPO3 CMS versions 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑13.4.17 allow backend users to disclose information from arbitrary database tables stored within the users' web mounts without having access to them.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Impacted products
    Vendor Product Version
    TYPO3 TYPO3 CMS Affected: 12.0.0 , < 12.4.37 (semver)
    Affected: 13.0.0 , < 13.4.18 (semver)
    TYPO3 TYPO3 CMS Affected: 11.0.0 , < 11.5.48 (semver)
    Date Public
    2025-09-09 09:00
    Credits
    Oliver Hader (reporter), Benjamin Franzke (remediation developer)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-59019",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-09T19:29:26.567968Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-09T19:29:34.088Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://packagist.org",
              "defaultStatus": "unaffected",
              "modules": [
                "Backend"
              ],
              "packageName": "typo3/cms-backend",
              "product": "TYPO3 CMS",
              "repo": "https://github.com/TYPO3/typo3",
              "vendor": "TYPO3",
              "versions": [
                {
                  "lessThan": "12.4.37",
                  "status": "affected",
                  "version": "12.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "13.4.18",
                  "status": "affected",
                  "version": "13.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://packagist.org",
              "defaultStatus": "unaffected",
              "modules": [
                "Record List"
              ],
              "packageName": "typo3/cms-recordlist",
              "product": "TYPO3 CMS",
              "repo": "https://github.com/TYPO3/typo3",
              "vendor": "TYPO3",
              "versions": [
                {
                  "lessThan": "11.5.48",
                  "status": "affected",
                  "version": "11.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Oliver Hader"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Benjamin Franzke"
            }
          ],
          "datePublic": "2025-09-09T09:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Missing authorization checks in the CSV download feature of TYPO3 CMS versions 11.0.0\u201111.5.47, 12.0.0\u201112.4.36, and 13.0.0\u201113.4.17 allow backend users to disclose information from arbitrary database tables stored within the users\u0027 web mounts without having access to them."
                }
              ],
              "value": "Missing authorization checks in the CSV download feature of TYPO3 CMS versions 11.0.0\u201111.5.47, 12.0.0\u201112.4.36, and 13.0.0\u201113.4.17 allow backend users to disclose information from arbitrary database tables stored within the users\u0027 web mounts without having access to them."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-11T20:44:40.074Z",
            "orgId": "f4fb688c-4412-4426-b4b8-421ecf27b14a",
            "shortName": "TYPO3"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://typo3.org/security/advisory/typo3-core-sa-2025-023"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Information Disclosure via CSV Download",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f4fb688c-4412-4426-b4b8-421ecf27b14a",
        "assignerShortName": "TYPO3",
        "cveId": "CVE-2025-59019",
        "datePublished": "2025-09-09T09:01:17.787Z",
        "dateReserved": "2025-09-07T19:01:20.436Z",
        "dateUpdated": "2025-09-11T20:44:40.074Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-59018 (GCVE-0-2025-59018)

    Vulnerability from cvelistv5 – Published: 2025-09-09 09:01 – Updated: 2025-09-11 20:35
    Title
    Information Disclosure in Workspaces Module
    Summary
    Missing authorization checks in the Workspace Module of TYPO3 CMS versions 9.0.0‑9.5.54, 10.0.0‑10.4.53, 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑13.4.17 allow backend users to directly invoke the corresponding AJAX backend route to disclose sensitive information without having access.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    TYPO3
    References
    https://typo3.org/security/advisory/typo3-core-sa-2025-022 (vendor advisory)
    Impacted products
    Vendor Product Version
    TYPO3 TYPO3 CMS Affected: 9.0.0 , < 9.5.55 (semver)
    Affected: 10.0.0 , < 10.4.54 (semver)
    Affected: 11.0.0 , < 11.5.48 (semver)
    Affected: 12.0.0 , < 12.4.37 (semver)
    Affected: 13.0.0 , < 13.4.18 (semver)
    Date Public
    2025-09-09 09:00
    Credits
    Reporter: Oliver Hader; remediation developer: Oliver Hader

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-59018",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-09T19:29:46.358887Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-09T19:29:53.763Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://packagist.org",
              "defaultStatus": "unaffected",
              "modules": [
                "Workspaces"
              ],
              "packageName": "typo3/cms-workspaces",
              "product": "TYPO3 CMS",
              "repo": "https://github.com/TYPO3/typo3",
              "vendor": "TYPO3",
              "versions": [
                {
                  "lessThan": "9.5.55",
                  "status": "affected",
                  "version": "9.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "10.4.54",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "11.5.48",
                  "status": "affected",
                  "version": "11.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "12.4.37",
                  "status": "affected",
                  "version": "12.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "13.4.18",
                  "status": "affected",
                  "version": "13.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Oliver Hader"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Oliver Hader"
            }
          ],
          "datePublic": "2025-09-09T09:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Missing authorization checks in the Workspace Module of TYPO3 CMS versions 9.0.0\u20119.5.54, 10.0.0\u201110.4.53, 11.0.0\u201111.5.47, 12.0.0\u201112.4.36, and 13.0.0\u201113.4.17 allow backend users to directly invoke the corresponding AJAX backend route to disclose sensitive information without having access."
                }
              ],
              "value": "Missing authorization checks in the Workspace Module of TYPO3 CMS versions 9.0.0\u20119.5.54, 10.0.0\u201110.4.53, 11.0.0\u201111.5.47, 12.0.0\u201112.4.36, and 13.0.0\u201113.4.17 allow backend users to directly invoke the corresponding AJAX backend route to disclose sensitive information without having access."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-11T20:35:36.245Z",
            "orgId": "f4fb688c-4412-4426-b4b8-421ecf27b14a",
            "shortName": "TYPO3"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://typo3.org/security/advisory/typo3-core-sa-2025-022"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Information Disclosure in Workspaces Module",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f4fb688c-4412-4426-b4b8-421ecf27b14a",
        "assignerShortName": "TYPO3",
        "cveId": "CVE-2025-59018",
        "datePublished": "2025-09-09T09:01:10.275Z",
        "dateReserved": "2025-09-07T19:01:20.436Z",
        "dateUpdated": "2025-09-11T20:35:36.245Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-59017 (GCVE-0-2025-59017)

    Vulnerability from cvelistv5 – Published: 2025-09-09 09:01 – Updated: 2025-09-09 19:30
    Title
    Broken Access Control in Backend AJAX Routes
    Summary
    Missing authorization checks in the Backend Routing of TYPO3 CMS versions 9.0.0‑9.5.54, 10.0.0‑10.4.53, 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑13.4.17 allow backend users to directly invoke AJAX backend routes without having access to the corresponding backend modules.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-862 - Missing Authorization
    Assigner
    TYPO3
    References
    https://typo3.org/security/advisory/typo3-core-sa-2025-021 (vendor advisory)
    Impacted products
    Vendor Product Version
    TYPO3 TYPO3 CMS (packages typo3/cms-backend, typo3/cms-beuser, typo3/cms-recycler, typo3/cms-workspaces) Affected: 9.0.0 , < 9.5.55 (semver)
    Affected: 10.0.0 , < 10.4.54 (semver)
    Affected: 11.0.0 , < 11.5.48 (semver)
    Affected: 12.0.0 , < 12.4.37 (semver)
    Affected: 13.0.0 , < 13.4.18 (semver)
    TYPO3 TYPO3 CMS (package typo3/cms-dashboard, which has no 9.x release) Affected: 10.0.0 , < 10.4.54 (semver)
    Affected: 11.0.0 , < 11.5.48 (semver)
    Affected: 12.0.0 , < 12.4.37 (semver)
    Affected: 13.0.0 , < 13.4.18 (semver)
    Date Public
    2025-09-09 09:00
    Credits
    Reporter: Elias Häußler; remediation developer: Elias Häußler
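    The two records above (CVE-2025-59018 and CVE-2025-59017) describe the same defect class: an AJAX backend route that did not itself verify the caller's module access, so any authenticated backend user could invoke it directly. The following Python model is an added example, not TYPO3's own PHP routing code: it binds every AJAX route to the backend module it serves and refuses the request unless the user holds that module, failing closed for routes that were never registered. Route identifiers (`ajax_workspace_overview`, `ajax_dashboard_widget`), module names and the handlers are assumed for illustration.

```python
"""Module-level authorization for AJAX backend routes, modelled in Python.

Added example, not TYPO3 code. Route identifiers, module names and handlers
are hypothetical; the point is that the module grant is checked on the AJAX
route itself, not only on the module's main entry point.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class BackendUser:
    name: str
    modules: frozenset = field(default_factory=frozenset)  # modules granted to this user
    admin: bool = False


class Forbidden(Exception):
    """Raised when a route is requested without access to its module."""


class AjaxRouter:
    """Maps route identifiers to the module that must be granted to call them."""

    def __init__(self) -> None:
        self._routes: dict[str, tuple[str, object]] = {}

    def register(self, route: str, module: str, handler) -> None:
        self._routes[route] = (module, handler)

    def dispatch(self, user: BackendUser, route: str, **params):
        # Fail closed: an unregistered route is refused rather than served.
        if route not in self._routes:
            raise Forbidden(f"unknown route {route!r}")
        module, handler = self._routes[route]
        # The check the affected versions lacked: direct invocation of the AJAX
        # route must be refused when the user does not hold the module.
        if not user.admin and module not in user.modules:
            raise Forbidden(f"{user.name} lacks module {module!r} required by {route!r}")
        return handler(user, **params)


# Hypothetical handlers standing in for module code.
def workspace_overview(user: BackendUser, workspace_id: int) -> dict:
    return {"workspace": workspace_id, "changes": ["page 42 edited"]}


def dashboard_widget(user: BackendUser, widget: str) -> dict:
    return {"widget": widget, "content": "recent activity"}


def build_router() -> AjaxRouter:
    r = AjaxRouter()
    r.register("ajax_workspace_overview", "workspaces", workspace_overview)
    r.register("ajax_dashboard_widget", "dashboard", dashboard_widget)
    return r


def try_call(router: AjaxRouter, user: BackendUser, route: str, **params) -> str:
    """Return 'ok' or 'forbidden' so outcomes can be compared across users."""
    try:
        router.dispatch(user, route, **params)
        return "ok"
    except Forbidden:
        return "forbidden"


def demo_outcomes() -> dict[str, str]:
    """Outcomes for three constructed users against the registered routes."""
    router = build_router()
    editor = BackendUser("editor", frozenset({"dashboard"}))
    reviewer = BackendUser("reviewer", frozenset({"dashboard", "workspaces"}))
    admin = BackendUser("admin", admin=True)
    return {
        "editor/workspace": try_call(router, editor, "ajax_workspace_overview", workspace_id=3),
        "editor/dashboard": try_call(router, editor, "ajax_dashboard_widget", widget="activity"),
        "reviewer/workspace": try_call(router, reviewer, "ajax_workspace_overview", workspace_id=3),
        "admin/workspace": try_call(router, admin, "ajax_workspace_overview", workspace_id=3),
        "editor/unregistered": try_call(router, editor, "ajax_not_registered"),
    }


if __name__ == "__main__":
    for case, outcome in demo_outcomes().items():
        print(f"{case}: {outcome}")
```

    The editor, who holds only the dashboard module, is refused on the workspace route even though the request never passes through the Workspaces module UI; that is exactly the direct-invocation path the advisories describe.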

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-59017",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-09T19:30:08.547495Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-09T19:30:15.708Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://packagist.org",
              "defaultStatus": "unaffected",
              "modules": [
                "Backend"
              ],
              "packageName": "typo3/cms-backend",
              "product": "TYPO3 CMS",
              "repo": "https://github.com/TYPO3/typo3",
              "vendor": "TYPO3",
              "versions": [
                {
                  "lessThan": "9.5.55",
                  "status": "affected",
                  "version": "9.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "10.4.54",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "11.5.48",
                  "status": "affected",
                  "version": "11.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "12.4.37",
                  "status": "affected",
                  "version": "12.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "13.4.18",
                  "status": "affected",
                  "version": "13.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://packagist.org",
              "defaultStatus": "unaffected",
              "modules": [
                "Backend User"
              ],
              "packageName": "typo3/cms-beuser",
              "product": "TYPO3 CMS",
              "repo": "https://github.com/TYPO3/typo3",
              "vendor": "TYPO3",
              "versions": [
                {
                  "lessThan": "9.5.55",
                  "status": "affected",
                  "version": "9.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "10.4.54",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "11.5.48",
                  "status": "affected",
                  "version": "11.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "12.4.37",
                  "status": "affected",
                  "version": "12.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "13.4.18",
                  "status": "affected",
                  "version": "13.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://packagist.org",
              "defaultStatus": "unaffected",
              "modules": [
                "Dashboard"
              ],
              "packageName": "typo3/cms-dashboard",
              "product": "TYPO3 CMS",
              "repo": "https://github.com/TYPO3/typo3",
              "vendor": "TYPO3",
              "versions": [
                {
                  "lessThan": "10.4.54",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "11.5.48",
                  "status": "affected",
                  "version": "11.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "12.4.37",
                  "status": "affected",
                  "version": "12.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "13.4.18",
                  "status": "affected",
                  "version": "13.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://packagist.org",
              "defaultStatus": "unaffected",
              "modules": [
                "Recycler"
              ],
              "packageName": "typo3/cms-recycler",
              "product": "TYPO3 CMS",
              "repo": "https://github.com/TYPO3/typo3",
              "vendor": "TYPO3",
              "versions": [
                {
                  "lessThan": "9.5.55",
                  "status": "affected",
                  "version": "9.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "10.4.54",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "11.5.48",
                  "status": "affected",
                  "version": "11.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "12.4.37",
                  "status": "affected",
                  "version": "12.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "13.4.18",
                  "status": "affected",
                  "version": "13.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://packagist.org",
              "defaultStatus": "unaffected",
              "modules": [
                "Workspaces"
              ],
              "packageName": "typo3/cms-workspaces",
              "product": "TYPO3 CMS",
              "repo": "https://github.com/TYPO3/typo3",
              "vendor": "TYPO3",
              "versions": [
                {
                  "lessThan": "9.5.55",
                  "status": "affected",
                  "version": "9.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "10.4.54",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "11.5.48",
                  "status": "affected",
                  "version": "11.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "12.4.37",
                  "status": "affected",
                  "version": "12.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "13.4.18",
                  "status": "affected",
                  "version": "13.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Elias H\u00e4u\u00dfler"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Elias H\u00e4u\u00dfler"
            }
          ],
          "datePublic": "2025-09-09T09:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Missing authorization checks in the Backend Routing of TYPO3 CMS versions 9.0.0\u20119.5.54, 10.0.0\u201110.4.53, 11.0.0\u201111.5.47, 12.0.0\u201112.4.36, and 13.0.0\u201113.4.17 allow backend users to directly invoke AJAX backend routes without having access to the corresponding backend modules."
                }
              ],
              "value": "Missing authorization checks in the Backend Routing of TYPO3 CMS versions 9.0.0\u20119.5.54, 10.0.0\u201110.4.53, 11.0.0\u201111.5.47, 12.0.0\u201112.4.36, and 13.0.0\u201113.4.17 allow backend users to directly invoke AJAX backend routes without having access to the corresponding backend modules."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-09T09:01:03.951Z",
            "orgId": "f4fb688c-4412-4426-b4b8-421ecf27b14a",
            "shortName": "TYPO3"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://typo3.org/security/advisory/typo3-core-sa-2025-021"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Broken Access Control in Backend AJAX Routes",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f4fb688c-4412-4426-b4b8-421ecf27b14a",
        "assignerShortName": "TYPO3",
        "cveId": "CVE-2025-59017",
        "datePublished": "2025-09-09T09:01:03.951Z",
        "dateReserved": "2025-09-07T19:01:20.436Z",
        "dateUpdated": "2025-09-09T19:30:15.708Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
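    The `affected` arrays in the records above use the CVE 5.1 convention of a start `version` and an exclusive `lessThan` per package, with `defaultStatus` covering everything outside the listed ranges; typo3/cms-dashboard, for example, has no 9.x range at all. The following Python checker is an added example, not tooling from TYPO3 or the CVE program: it resolves an installed package version against that shape. The `AFFECTED` data is a constructed subset of the CVE-2025-59017 record (typo3/cms-backend and typo3/cms-dashboard), and version strings are assumed to be plain X.Y.Z semver.

```python
"""Resolve installed TYPO3 package versions against CVE 5.1 `affected` ranges.

Added example, not part of the CVE record. AFFECTED is a constructed subset of
the CVE-2025-59017 record above; the remaining packages share the same shape.
"""
from typing import Iterable

# Constructed from the CVE-2025-59017 "affected" array above.
AFFECTED = [
    {
        "packageName": "typo3/cms-backend",
        "defaultStatus": "unaffected",
        "versions": [
            {"version": "9.0.0", "lessThan": "9.5.55", "status": "affected", "versionType": "semver"},
            {"version": "10.0.0", "lessThan": "10.4.54", "status": "affected", "versionType": "semver"},
            {"version": "11.0.0", "lessThan": "11.5.48", "status": "affected", "versionType": "semver"},
            {"version": "12.0.0", "lessThan": "12.4.37", "status": "affected", "versionType": "semver"},
            {"version": "13.0.0", "lessThan": "13.4.18", "status": "affected", "versionType": "semver"},
        ],
    },
    {
        "packageName": "typo3/cms-dashboard",
        "defaultStatus": "unaffected",
        "versions": [
            {"version": "10.0.0", "lessThan": "10.4.54", "status": "affected", "versionType": "semver"},
            {"version": "11.0.0", "lessThan": "11.5.48", "status": "affected", "versionType": "semver"},
            {"version": "12.0.0", "lessThan": "12.4.37", "status": "affected", "versionType": "semver"},
            {"version": "13.0.0", "lessThan": "13.4.18", "status": "affected", "versionType": "semver"},
        ],
    },
]


def parse_semver(v: str) -> tuple[int, ...]:
    """Turn '12.4.36' (optionally with a '-dev' or '+build' suffix) into an int tuple."""
    core = v.split("-", 1)[0].split("+", 1)[0]
    parts = core.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a plain semver version: {v!r}")
    return tuple(int(p) for p in parts)


def status_for(installed: str, entry: dict) -> str:
    """Status of one installed version for one package entry.

    A range matches when version <= installed < lessThan, so the fixed release
    named in lessThan is itself outside the range. Anything that matches no
    range takes the entry's defaultStatus.
    """
    v = parse_semver(installed)
    for rng in entry["versions"]:
        if rng.get("versionType") != "semver":
            continue
        if parse_semver(rng["version"]) <= v < parse_semver(rng["lessThan"]):
            return rng["status"]
    return entry.get("defaultStatus", "unknown")


def affected_packages(installed: dict[str, str], affected: Iterable[dict] = AFFECTED) -> list[str]:
    """Installed packages whose version falls inside an affected range, sorted by name."""
    by_name = {e["packageName"]: e for e in affected}
    hits = []
    for name, version in installed.items():
        entry = by_name.get(name)
        if entry is not None and status_for(version, entry) == "affected":
            hits.append(name)
    return sorted(hits)


if __name__ == "__main__":
    # Typical input: the versions `composer show` reports in the TYPO3 project root.
    print(affected_packages({"typo3/cms-backend": "12.4.36", "typo3/cms-dashboard": "12.4.37"}))
```

    Feed it the package list from `composer show` (or the installed core version for a non-composer site) and the result tells you which packages still sit inside a vulnerable range; a version equal to `lessThan` is correctly reported as fixed.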

    CVE-2025-59016 (GCVE-0-2025-59016)

    Vulnerability from cvelistv5 – Published: 2025-09-09 09:00 – Updated: 2025-09-09 19:30
    Title
    Information Disclosure via File Abstraction Layer
    Summary
    Error messages containing sensitive information in the File Abstraction Layer in TYPO3 CMS versions 9.0.0-9.5.54, 10.0.0-10.4.53, 11.0.0-11.5.47, 12.0.0-12.4.36, and 13.0.0-13.4.17 allow backend users to disclose full file paths via failed low-level file-system operations.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-209 - Generation of Error Message Containing Sensitive Information
    Assigner
    TYPO3
    References
    https://typo3.org/security/advisory/typo3-core-sa-2025-020 (vendor advisory)
    Impacted products
    Vendor Product Version
    TYPO3 TYPO3 CMS Affected: 9.0.0 , < 9.5.55 (semver)
    Affected: 10.0.0 , < 10.4.54 (semver)
    Affected: 11.0.0 , < 11.5.48 (semver)
    Affected: 12.0.0 , < 12.4.37 (semver)
    Affected: 13.0.0 , < 13.4.18 (semver)
    Date Public
    2025-09-09 09:00
    Credits
    Reporters: Dmitry Petschke, Marc Willmann; remediation developer: Andreas Kienast

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-59016",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-09T19:30:29.461750Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-09T19:30:37.493Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://packagist.org",
              "defaultStatus": "unaffected",
              "modules": [
                "Core"
              ],
              "packageName": "typo3/cms-core",
              "product": "TYPO3 CMS",
              "repo": "https://github.com/TYPO3/typo3",
              "vendor": "TYPO3",
              "versions": [
                {
                  "lessThan": "9.5.55",
                  "status": "affected",
                  "version": "9.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "10.4.54",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "11.5.48",
                  "status": "affected",
                  "version": "11.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "12.4.37",
                  "status": "affected",
                  "version": "12.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "13.4.18",
                  "status": "affected",
                  "version": "13.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Dmitry Petschke"
            },
            {
              "lang": "en",
              "type": "reporter",
              "value": "Marc Willmann"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Andreas Kienast"
            }
          ],
          "datePublic": "2025-09-09T09:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Error messages containing sensitive information in the File Abstraction Layer in TYPO3 CMS versions 9.0.0-9.5.54, 10.0.0-10.4.53, 11.0.0-11.5.47, 12.0.0-12.4.36, and 13.0.0-13.4.17 allow backend users to disclose full file paths via failed low-level file-system operations."
                }
              ],
              "value": "Error messages containing sensitive information in the File Abstraction Layer in TYPO3 CMS versions 9.0.0-9.5.54, 10.0.0-10.4.53, 11.0.0-11.5.47, 12.0.0-12.4.36, and 13.0.0-13.4.17 allow backend users to disclose full file paths via failed low-level file-system operations."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-209",
                  "description": "CWE-209 Generation of Error Message Containing Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-09T09:00:55.985Z",
            "orgId": "f4fb688c-4412-4426-b4b8-421ecf27b14a",
            "shortName": "TYPO3"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://typo3.org/security/advisory/typo3-core-sa-2025-020"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Information Disclosure via File Abstraction Layer",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f4fb688c-4412-4426-b4b8-421ecf27b14a",
        "assignerShortName": "TYPO3",
        "cveId": "CVE-2025-59016",
        "datePublished": "2025-09-09T09:00:55.985Z",
        "dateReserved": "2025-09-07T19:01:20.436Z",
        "dateUpdated": "2025-09-09T19:30:37.493Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-59015 (GCVE-0-2025-59015)

    Vulnerability from cvelistv5 – Published: 2025-09-09 09:00 – Updated: 2025-09-09 19:31
    Title
    Insufficient Entropy in Password Generation
    Summary
    A deterministic three‑character prefix in the Password Generation component of TYPO3 CMS versions 12.0.0–12.4.36 and 13.0.0–13.4.17 reduces entropy, allowing attackers to carry out brute‑force attacks more quickly.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    TYPO3 TYPO3 CMS Affected: 12.0.0 , < 12.4.37 (semver)
    Affected: 13.0.0 , < 13.4.18 (semver)
    Date Public
    2025-09-09 09:00
    Credits
    Reporter: Mathias Brodala; remediation developer: Oliver Hader
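    A deterministic prefix does not make a generated password guessable outright, but it removes those positions from the search space entirely: an attacker who knows the prefix only has to enumerate the remaining characters. The Python below is an added example, not TYPO3's generator: it quantifies the loss in bits and the brute-force speedup for a 16-character password over a 62-symbol alphabet, and shows a sample-based audit that flags positions which never vary. `weak_generate` is a hypothetical generator written to reproduce the property the record describes (a constant three-character prefix), not the affected TYPO3 code; the alphabet, length and prefix value are assumptions.

```python
"""Entropy lost to a deterministic password prefix, and an audit that catches it.

Added example, not TYPO3 code. weak_generate is a hypothetical generator with
the defect the CVE record describes; strong_generate is the usual CSPRNG form.
"""
import math
import secrets
import string

ALPHABET = string.ascii_letters + string.digits  # 62 symbols, assumed


def password_bits(length: int, alphabet_size: int, fixed_prefix_len: int = 0) -> float:
    """Entropy in bits of a uniform random password whose first positions are known.

    Only the non-fixed positions contribute: (length - prefix) * log2(alphabet).
    """
    if fixed_prefix_len > length:
        raise ValueError("prefix cannot exceed password length")
    return (length - fixed_prefix_len) * math.log2(alphabet_size)


def speedup_factor(alphabet_size: int, fixed_prefix_len: int) -> int:
    """Factor by which the search space shrinks once the prefix is known."""
    return alphabet_size ** fixed_prefix_len


def weak_generate(length: int, prefix: str = "Ab1") -> str:
    """Hypothetical flawed generator: constant prefix, then random characters."""
    return prefix + "".join(secrets.choice(ALPHABET) for _ in range(length - len(prefix)))


def strong_generate(length: int) -> str:
    """Every position drawn independently from the CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def fixed_positions(samples: list[str]) -> list[int]:
    """Indices at which every sample carries the same character.

    With n >= 100 samples over 62 symbols, a genuinely random position is
    constant with probability 62**-(n-1), so any reported index is a real defect.
    """
    if len(samples) < 2:
        raise ValueError("need at least two samples")
    width = min(len(s) for s in samples)
    return [i for i in range(width) if len({s[i] for s in samples}) == 1]


def audit(generate, length: int = 16, n: int = 200) -> list[int]:
    """Run a generator n times and report the positions that never vary."""
    return fixed_positions([generate(length) for _ in range(n)])


if __name__ == "__main__":
    print("16 chars, 62 symbols:", round(password_bits(16, 62), 1), "bits")
    print("with 3 fixed chars:  ", round(password_bits(16, 62, 3), 1), "bits")
    print("search space shrinks by", speedup_factor(62, 3))
    print("weak generator fixed positions:", audit(weak_generate))
    print("strong generator fixed positions:", audit(strong_generate))
```

    The audit is cheap enough to run as a unit test against any password or token generator: it needs no knowledge of the implementation, only a few hundred outputs, and it catches the fixed-prefix case directly rather than inferring it from code review.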

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-59015",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-09T19:31:01.239247Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-09T19:31:09.254Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://packagist.org",
              "defaultStatus": "unaffected",
              "modules": [
                "Core"
              ],
              "packageName": "typo3/cms-core",
              "product": "TYPO3 CMS",
              "repo": "https://github.com/TYPO3/typo3",
              "vendor": "TYPO3",
              "versions": [
                {
                  "lessThan": "12.4.37",
                  "status": "affected",
                  "version": "12.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "13.4.18",
                  "status": "affected",
                  "version": "13.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Mathias Brodala"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Oliver Hader"
            }
          ],
          "datePublic": "2025-09-09T09:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A deterministic three\u2011character prefix in the Password Generation component of TYPO3 CMS versions 12.0.0\u201312.4.36 and 13.0.0\u201313.4.17 reduces entropy, allowing attackers to carry out brute\u2011force attacks more quickly."
                }
              ],
              "value": "A deterministic three\u2011character prefix in the Password Generation component of TYPO3 CMS versions 12.0.0\u201312.4.36 and 13.0.0\u201313.4.17 reduces entropy, allowing attackers to carry out brute\u2011force attacks more quickly."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-331",
                  "description": "CWE-331 Insufficient Entropy",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-09T09:00:48.801Z",
            "orgId": "f4fb688c-4412-4426-b4b8-421ecf27b14a",
            "shortName": "TYPO3"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://typo3.org/security/advisory/typo3-core-sa-2025-019"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Insufficient Entropy in Password Generation",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f4fb688c-4412-4426-b4b8-421ecf27b14a",
        "assignerShortName": "TYPO3",
        "cveId": "CVE-2025-59015",
        "datePublished": "2025-09-09T09:00:48.801Z",
        "dateReserved": "2025-09-07T19:01:20.436Z",
        "dateUpdated": "2025-09-09T19:31:09.254Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-59014 (GCVE-0-2025-59014)

    Vulnerability from cvelistv5 – Published: 2025-09-09 09:00 – Updated: 2025-09-09 19:31
    VLAI
    Title
    Denial of Service in TYPO3 Bookmark Toolbar
    Summary
    An uncaught exception in the Bookmark Toolbar of TYPO3 CMS versions 11.0.0–11.5.47, 12.0.0–12.4.36, and 13.0.0–13.4.17 lets administrator‑level backend users trigger a denial‑of‑service condition in the backend user interface by saving manipulated data in the bookmark toolbar.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    TYPO3 TYPO3 CMS Affected: 11.0.0 , < 11.5.48 (semver)
    Affected: 12.0.0 , < 12.4.37 (semver)
    Affected: 13.0.0 , < 13.4.18 (semver)
    Date Public
    2025-09-09 09:00
    Credits
    Jakub Świes, Oliver Hader

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-59014",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-09T19:31:24.905016Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-09T19:31:32.972Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://packagist.org",
              "defaultStatus": "unaffected",
              "modules": [
                "Backend"
              ],
              "packageName": "typo3/cms-backend",
              "product": "TYPO3 CMS",
              "repo": "https://github.com/TYPO3/typo3",
              "vendor": "TYPO3",
              "versions": [
                {
                  "lessThan": "11.5.48",
                  "status": "affected",
                  "version": "11.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "12.4.37",
                  "status": "affected",
                  "version": "12.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "13.4.18",
                  "status": "affected",
                  "version": "13.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Jakub \u015awies"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Oliver Hader"
            }
          ],
          "datePublic": "2025-09-09T09:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An uncaught exception in the Bookmark Toolbar of TYPO3 CMS versions 11.0.0\u201311.5.47, 12.0.0\u201312.4.36, and 13.0.0\u201313.4.17 lets administrator\u2011level backend users trigger a denial\u2011of\u2011service condition in the backend user interface by saving manipulated data in the bookmark toolbar."
                }
              ],
              "value": "An uncaught exception in the Bookmark Toolbar of TYPO3 CMS versions 11.0.0\u201311.5.47, 12.0.0\u201312.4.36, and 13.0.0\u201313.4.17 lets administrator\u2011level backend users trigger a denial\u2011of\u2011service condition in the backend user interface by saving manipulated data in the bookmark toolbar."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "HIGH",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-248",
                  "description": "CWE-248",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-09T09:00:38.664Z",
            "orgId": "f4fb688c-4412-4426-b4b8-421ecf27b14a",
            "shortName": "TYPO3"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://typo3.org/security/advisory/typo3-core-sa-2025-018"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Denial of Service in TYPO3 Bookmark Toolbar",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f4fb688c-4412-4426-b4b8-421ecf27b14a",
        "assignerShortName": "TYPO3",
        "cveId": "CVE-2025-59014",
        "datePublished": "2025-09-09T09:00:38.664Z",
        "dateReserved": "2025-09-07T19:01:20.435Z",
        "dateUpdated": "2025-09-09T19:31:32.972Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-59013 (GCVE-0-2025-59013)

    Vulnerability from cvelistv5 – Published: 2025-09-09 09:00 – Updated: 2025-09-09 19:31
    VLAI
    Title
    Open Redirect in TYPO3 CMS
    Summary
    An open‑redirect vulnerability in GeneralUtility::sanitizeLocalUrl of TYPO3 CMS 9.0.0–9.5.54, 10.0.0–10.4.53, 11.0.0–11.5.47, 12.0.0–12.4.36, and 13.0.0–13.4.17 allows an attacker to redirect users to arbitrary external sites, enabling phishing attacks by supplying a manipulated, sanitized URL.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
    Assigner
    References
    Impacted products
    Vendor Product Version
    TYPO3 TYPO3 CMS Affected: 9.0.0 , < 9.5.55 (semver)
    Affected: 10.0.0 , < 10.4.54 (semver)
    Affected: 11.0.0 , < 11.5.48 (semver)
    Affected: 12.0.0 , < 12.4.37 (semver)
    Affected: 13.0.0 , < 13.4.18 (semver)
    Date Public
    2025-09-09 09:00
    Credits
    Oliver Hader, Benjamin Franzke

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-59013",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-09T19:31:48.748993Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-09T19:31:56.794Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://packagist.org",
              "defaultStatus": "unaffected",
              "modules": [
                "Core"
              ],
              "packageName": "typo3/cms-core",
              "product": "TYPO3 CMS",
              "repo": "https://github.com/TYPO3/typo3",
              "vendor": "TYPO3",
              "versions": [
                {
                  "lessThan": "9.5.55",
                  "status": "affected",
                  "version": "9.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "10.4.54",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "11.5.48",
                  "status": "affected",
                  "version": "11.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "12.4.37",
                  "status": "affected",
                  "version": "12.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "13.4.18",
                  "status": "affected",
                  "version": "13.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Oliver Hader"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Benjamin Franzke"
            }
          ],
          "datePublic": "2025-09-09T09:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An open\u2011redirect vulnerability in \u003ccode\u003eGeneralUtility::sanitizeLocalUrl\u003c/code\u003e of TYPO3 CMS 9.0.0\u20139.5.54, 10.0.0\u201310.4.53, 11.0.0\u201311.5.47, 12.0.0\u201312.4.36, and 13.0.0\u201313.4.17 allows an attacker to redirect users to arbitrary external sites, enabling phishing attacks by supplying a manipulated, sanitized URL."
                }
              ],
              "value": "An open\u2011redirect vulnerability in GeneralUtility::sanitizeLocalUrl of TYPO3 CMS 9.0.0\u20139.5.54, 10.0.0\u201310.4.53, 11.0.0\u201311.5.47, 12.0.0\u201312.4.36, and 13.0.0\u201313.4.17 allows an attacker to redirect users to arbitrary external sites, enabling phishing attacks by supplying a manipulated, sanitized URL."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "LOW",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-601",
                  "description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-09T09:00:23.176Z",
            "orgId": "f4fb688c-4412-4426-b4b8-421ecf27b14a",
            "shortName": "TYPO3"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://typo3.org/security/advisory/typo3-core-sa-2025-017"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Open Redirect in TYPO3 CMS",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f4fb688c-4412-4426-b4b8-421ecf27b14a",
        "assignerShortName": "TYPO3",
        "cveId": "CVE-2025-59013",
        "datePublished": "2025-09-09T09:00:23.176Z",
        "dateReserved": "2025-09-07T19:01:20.435Z",
        "dateUpdated": "2025-09-09T19:31:56.794Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-7900 (GCVE-0-2025-7900)

    Vulnerability from cvelistv5 – Published: 2025-07-22 10:21 – Updated: 2025-07-22 14:17
    VLAI
    Title
    Insecure Direct Object Reference in extension "femanager" (femanager)
    Summary
    The femanager extension for TYPO3 allows Insecure Direct Object Reference resulting in unauthorized modification of user data. This issue affects femanager version 6.4.1 and below, 7.0.0 to 7.5.2 and 8.0.0 to 8.3.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-639 - Authorization Bypass Through User-Controlled Key
    Assigner
    Impacted products
    Vendor Product Version
    TYPO3 Extension "femanager" Affected: 8.0.0 , ≤ 8.3.0 (semver)
    Affected: 7.0.0 , ≤ 7.5.2 (semver)
    Affected: 0 , ≤ 6.4.1 (semver)
    Date Public
    2025-07-22 08:00
    Credits
    Alexander Freundlieb

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-7900",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-22T14:11:59.841789Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-22T14:17:04.005Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://packagist.org/",
              "defaultStatus": "unaffected",
              "packageName": "in2code/femanager",
              "product": "Extension \"femanager\"",
              "repo": "https://github.com/in2code-de/femanager",
              "vendor": "TYPO3",
              "versions": [
                {
                  "lessThanOrEqual": "8.3.0",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.5.2",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Alexander Freundlieb"
            }
          ],
          "datePublic": "2025-07-22T08:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003eThe femanager extension for TYPO3 allows Insecure Direct Object Reference resulting in unauthorized modification of userdata. This issue affects femanager version \u003cspan style=\"background-color: transparent;\"\u003e6.4.1 and below, 7.0.0 to 7.5.2 and 8.0.0 to 8.3.0\u003c/span\u003e\u003c/div\u003e"
                }
              ],
              "value": "The femanager extension for TYPO3 allows Insecure Direct Object Reference resulting in unauthorized modification of userdata. This issue affects femanager version 6.4.1 and below, 7.0.0 to 7.5.2 and 8.0.0 to 8.3.0"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-137",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-137 Parameter Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "CWE-639 Authorization Bypass Through User-Controlled Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-22T10:21:32.123Z",
            "orgId": "f4fb688c-4412-4426-b4b8-421ecf27b14a",
            "shortName": "TYPO3"
          },
          "references": [
            {
              "url": "https://typo3.org/security/advisory/typo3-ext-sa-2025-010"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Insecure Direct Object Reference in extension \"femanager\" (femanager)",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f4fb688c-4412-4426-b4b8-421ecf27b14a",
        "assignerShortName": "TYPO3",
        "cveId": "CVE-2025-7900",
        "datePublished": "2025-07-22T10:21:32.123Z",
        "dateReserved": "2025-07-19T12:40:19.076Z",
        "dateUpdated": "2025-07-22T14:17:04.005Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    GCVE-1-2025-0041

    Vulnerability from gna-1 – Published: 2025-12-19 14:25 – Updated: 2025-12-19 14:54 Exclusively Hosted Service
    VLAI
    Title
    [online services] Reflected Cross-Site Scripting (XSS) / HTML Injection in Website Hosted in Luxembourg
    Summary
    The vulnerability, in a series (5) of online services in Luxembourg, occurs because a request parameter (e.g., a search or query parameter) is incorporated directly into the server-generated HTML response without proper escaping. As a result, specially crafted input containing HTML tags and attributes can be interpreted by the browser as active markup rather than plain text. An attacker can exploit this behavior by injecting HTML elements with JavaScript-capable event handlers. When the page is rendered and a user interacts with it (for example, through scrolling or other UI actions), the injected JavaScript executes within the security context of the vulnerable website. This is a reflected XSS issue, meaning the malicious payload is not stored server-side but is immediately reflected in the HTTP response to a single request. Successful exploitation requires a victim to follow a malicious link or otherwise load a request crafted by the attacker. Those vulnerabilities originated from a misconfiguration of the online service. **exclusively-hosted-service**
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Assigner
    References
    Impacted products
    Credits
    Mikel Hernández Alonso

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "typo3",
              "vendor": "typo3",
              "versions": [
                {
                  "status": "affected"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "wordpress",
              "vendor": "wordpress",
              "versions": [
                {
                  "status": "affected"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Mikel Hern\u00e1ndez Alonso"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThe vulnerability, in a series (5) of online services in Luxembourg, occurs because a request parameter (e.g., a search or query parameter) is incorporated directly into the server-generated HTML response without proper escaping. As a result, specially crafted input containing HTML tags and attributes can be interpreted by the browser as active markup rather than plain text.\u003c/p\u003e\n\u003cp\u003eAn attacker can exploit this behavior by injecting HTML elements with JavaScript-capable event handlers. When the page is rendered and a user interacts with it (for example, through scrolling or other UI actions), the injected JavaScript executes within the security context of the vulnerable website.\u003c/p\u003e\n\u003cp\u003eThis is a \u003cstrong\u003ereflected XSS\u003c/strong\u003e issue, meaning the malicious payload is not stored server-side but is immediately reflected in the HTTP response to a single request. Successful exploitation requires a victim to follow a malicious link or otherwise load a request crafted by the attacker.\u003c/p\u003e\u003cp\u003eThose vulnerabilities originated from a misconfiguration of the online service.\u003c/p\u003e**exclusively-hosted-service**"
                }
              ],
              "value": "The vulnerability, in a series (5) of online services in Luxembourg, occurs because a request parameter (e.g., a search or query parameter) is incorporated directly into the server-generated HTML response without proper escaping. As a result, specially crafted input containing HTML tags and attributes can be interpreted by the browser as active markup rather than plain text.\n\n\nAn attacker can exploit this behavior by injecting HTML elements with JavaScript-capable event handlers. When the page is rendered and a user interacts with it (for example, through scrolling or other UI actions), the injected JavaScript executes within the security context of the vulnerable website.\n\n\nThis is a reflected XSS issue, meaning the malicious payload is not stored server-side but is immediately reflected in the HTTP response to a single request. Successful exploitation requires a victim to follow a malicious link or otherwise load a request crafted by the attacker.\n\nThose vulnerabilities originated from a misconfiguration of the online service.\n\n**exclusively-hosted-service**"
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003ctt\u003e\u003c/tt\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003ctt\u003eThe sample url is \u0026lt;SAMPLEURL\u0026gt;.lu/recherche/?recherche=%3Caddress+onscrollsnapchange%3Dwindow%5B%27ev%27%2B%27a%27%2B%28%5B%27l%27%2C%27b%27%2C%27c%27%5D%5B0%5D%29%5D%28window%5B%27a%27%2B%27to%27%2B%28%5B%27b%27%2C%27c%27%2C%27d%27%5D%5B0%5D%29%5D%28%27YWxlcnQob3JpZ2luKQ%3D%3D%27%29%29%3B+style%3Doverflow-y%3Ahidden%3Bscroll-snap-type%3Ax%3E%3Cdiv+style%3Dscroll-snap-align%3Acenter%3E1337%3C%2Fdiv%3E%3C%2Faddress%3E\u003cbr\u003e\u003c/tt\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e"
                }
              ],
              "value": "The sample url is \u003cSAMPLEURL\u003e.lu/recherche/?recherche=%3Caddress+onscrollsnapchange%3Dwindow%5B%27ev%27%2B%27a%27%2B%28%5B%27l%27%2C%27b%27%2C%27c%27%5D%5B0%5D%29%5D%28window%5B%27a%27%2B%27to%27%2B%28%5B%27b%27%2C%27c%27%2C%27d%27%5D%5B0%5D%29%5D%28%27YWxlcnQob3JpZ2luKQ%3D%3D%27%29%29%3B+style%3Doverflow-y%3Ahidden%3Bscroll-snap-type%3Ax%3E%3Cdiv+style%3Dscroll-snap-align%3Acenter%3E1337%3C%2Fdiv%3E%3C%2Faddress%3E"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-244",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-244 XSS Targeting URI Placeholders"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "orgId": "00000000-0000-4000-9000-000000000000"
          },
          "references": [
            {
              "tags": [
                "technical-description"
              ],
              "url": "https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "tags": [
            "exclusively-hosted-service"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-10-07T22:00:00.000Z",
              "value": "Initial reporting"
            }
          ],
          "title": "[online services] Reflected Cross-Site Scripting (XSS) / HTML Injection in Website Hosted in Luxembourg",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "00000000-0000-4000-9000-000000000000",
        "datePublished": "2025-12-19T14:25:00.000Z",
        "dateUpdated": "2025-12-19T14:54:51.594645Z",
        "requesterUserId": "00000000-0000-4000-9000-000000000000",
        "serial": 1,
        "state": "PUBLISHED",
        "vulnId": "gcve-1-2025-0041",
        "vulnerabilitylookup_history": [
          [
            "alexandre.dulaunoy@circl.lu",
            "2025-12-19T14:25:11.812890Z"
          ],
          [
            "alexandre.dulaunoy@circl.lu",
            "2025-12-19T14:30:14.448194Z"
          ],
          [
            "alexandre.dulaunoy@circl.lu",
            "2025-12-19T14:30:45.864429Z"
          ],
          [
            "alexandre.dulaunoy@circl.lu",
            "2025-12-19T14:41:48.015387Z"
          ],
          [
            "alexandre.dulaunoy@circl.lu",
            "2025-12-19T14:42:18.937137Z"
          ],
          [
            "alexandre.dulaunoy@circl.lu",
            "2025-12-19T14:43:23.523252Z"
          ],
          [
            "alexandre.dulaunoy@circl.lu",
            "2025-12-19T14:50:30.687423Z"
          ],
          [
            "alexandre.dulaunoy@circl.lu",
            "2025-12-19T14:54:51.594645Z"
          ]
        ]
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
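The record above describes the defect in prose and gives the exploit only as a URL-encoded sample URL. What follows is an added example written for this page; it is not code from the GCVE record, from CIRCL, or from the affected services. It decodes the sample `recherche` parameter, resolves the obfuscated `window[...]` lookups without executing them to show that the handler is `eval(atob('...'))` with `alert(origin)` as the decoded argument, places the reflecting renderer next to an escaping one, and includes a canary probe for confirming the reflection without any scripting payload. The renderers (`renderVulnerable`, `renderHardened`), the canary string and the English result label are constructed stand-ins; the real backend of the affected sites is not on the page.

```javascript
// Added example (not from the GCVE record or the affected services): decode the
// record's sample payload, show what its event handler does, and contrast the
// reflecting renderer with an escaped one. Runs on Node.js with no dependencies.

// Query string of the record's sample URL (host elided, as in the record).
const SAMPLE_QUERY =
  "recherche=%3Caddress+onscrollsnapchange%3Dwindow%5B%27ev%27%2B%27a%27%2B%28%5B%27l%27%2C%27b%27%2C%27c%27%5D%5B0%5D%29%5D" +
  "%28window%5B%27a%27%2B%27to%27%2B%28%5B%27b%27%2C%27c%27%2C%27d%27%5D%5B0%5D%29%5D%28%27YWxlcnQob3JpZ2luKQ%3D%3D%27%29%29%3B" +
  "+style%3Doverflow-y%3Ahidden%3Bscroll-snap-type%3Ax%3E%3Cdiv+style%3Dscroll-snap-align%3Acenter%3E1337%3C%2Fdiv%3E%3C%2Faddress%3E";

// Decode the parameter the way a server framework does ('+' is a space, %XX a byte).
function decodeSearchParam(query) {
  return new URLSearchParams(query).get("recherche");
}

// Vulnerable rendering (the defect the record describes): the parameter is pasted
// into the HTML body verbatim, so the browser parses <address ...> as markup and
// attaches its onscrollsnapchange handler. Constructed stand-in for /recherche/.
function renderVulnerable(term) {
  return `<p>Search results for: ${term}</p>`;
}

// Hardened rendering: escape the characters that are special in an HTML text
// context. Attribute values, URLs and inline script need their own encoders.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}
function renderHardened(term) {
  return `<p>Search results for: ${escapeHtml(term)}</p>`;
}

// Probe for the defect without a scripting payload: a harmless canary tag must come
// back escaped. Returns true when the renderer reflects it unchanged (vulnerable).
function reflectsUnescaped(render, canary = "<xss-probe-1337>") {
  return render(canary).includes(canary);
}

// Resolve one obfuscated property name without executing it. The payload builds
// "eval" and "atob" from string literals plus a one-element pick from an array
// literal, e.g. 'ev'+'a'+(['l','b','c'][0]), so a request filter that looks for
// the words "eval" or "atob" never sees either.
function resolveObfuscatedName(expr) {
  const picked = expr.replace(/\(\[((?:'[^']*',?)+)\]\[(\d+)\]\)/g, (_, items, idx) =>
    items.match(/'[^']*'/g)[Number(idx)]);
  return picked.match(/'([^']*)'/g).map((lit) => lit.slice(1, -1)).join("");
}

// Pull the decoded payload apart: the attribute that fires, the two window[...]
// lookups, and the base64 argument that atob() turns into the code eval() runs.
function analyseHandler(decodedPayload) {
  const trigger = decodedPayload.match(/\s(on[a-z]+)=/i)[1];
  const calls = [...decodedPayload.matchAll(/window\[([^\]]*\]\[\d+\]\))\]/g)]
    .map((m) => resolveObfuscatedName(m[1]));
  const b64 = decodedPayload.match(/\('([A-Za-z0-9+\/=]+)'\)/)[1];
  const argument = Buffer.from(b64, "base64").toString("utf8");
  return { trigger, calls, argument };
}

// Stand-alone run: decoded payload, handler analysis, and the probe against both renderers.
function demo() {
  const payload = decodeSearchParam(SAMPLE_QUERY);
  console.log("decoded parameter :", payload);
  console.log("handler analysis  :", analyseHandler(payload));
  console.log("reflects unescaped (vulnerable renderer):", reflectsUnescaped(renderVulnerable));
  console.log("reflects unescaped (hardened renderer)  :", reflectsUnescaped(renderHardened));
  console.log(renderHardened(payload));
}
demo();
```

The handler name `onscrollsnapchange`, together with the `scroll-snap-type` and `scroll-snap-align` styles in the payload, ties execution to a scroll action rather than to page load, which is why the record's CVSS vector carries `UI:A`. Escaping for the HTML text context is the fix for this reflection point; a `Content-Security-Policy` whose `script-src` omits `'unsafe-inline'` and `'unsafe-eval'` would additionally block both the inline handler and the `eval` call as defence in depth, but it does not replace output encoding.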