CVE-2025-59017 (GCVE-0-2025-59017)
Vulnerability from cvelistv5 – Published: 2025-09-09 09:01 – Updated: 2025-09-09 19:30
VLAI?
Summary
Missing authorization checks in the Backend Routing of TYPO3 CMS versions 9.0.0‑9.5.54, 10.0.0‑10.4.53, 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑13.4.17 allow backend users to directly invoke AJAX backend routes without having access to the corresponding backend modules.
Severity ?
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| TYPO3 | TYPO3 CMS |
Affected:
9.0.0 , < 9.5.55
(semver)
Affected: 10.0.0 , < 10.4.54 (semver) Affected: 11.0.0 , < 11.5.48 (semver) Affected: 12.0.0 , < 12.4.37 (semver) Affected: 13.0.0 , < 13.4.18 (semver) |
||||||||||||||||||||||
|
||||||||||||||||||||||||
Credits
Elias Häußler
Elias Häußler
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59017",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-09T19:30:08.547495Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-09T19:30:15.708Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://packagist.org",
"defaultStatus": "unaffected",
"modules": [
"Backend"
],
"packageName": "typo3/cms-backend",
"product": "TYPO3 CMS",
"repo": "https://github.com/TYPO3/typo3",
"vendor": "TYPO3",
"versions": [
{
"lessThan": "9.5.55",
"status": "affected",
"version": "9.0.0",
"versionType": "semver"
},
{
"lessThan": "10.4.54",
"status": "affected",
"version": "10.0.0",
"versionType": "semver"
},
{
"lessThan": "11.5.48",
"status": "affected",
"version": "11.0.0",
"versionType": "semver"
},
{
"lessThan": "12.4.37",
"status": "affected",
"version": "12.0.0",
"versionType": "semver"
},
{
"lessThan": "13.4.18",
"status": "affected",
"version": "13.0.0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://packagist.org",
"defaultStatus": "unaffected",
"modules": [
"Backend User"
],
"packageName": "typo3/cms-beuser",
"product": "TYPO3 CMS",
"repo": "https://github.com/TYPO3/typo3",
"vendor": "TYPO3",
"versions": [
{
"lessThan": "9.5.55",
"status": "affected",
"version": "9.0.0",
"versionType": "semver"
},
{
"lessThan": "10.4.54",
"status": "affected",
"version": "10.0.0",
"versionType": "semver"
},
{
"lessThan": "11.5.48",
"status": "affected",
"version": "11.0.0",
"versionType": "semver"
},
{
"lessThan": "12.4.37",
"status": "affected",
"version": "12.0.0",
"versionType": "semver"
},
{
"lessThan": "13.4.18",
"status": "affected",
"version": "13.0.0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://packagist.org",
"defaultStatus": "unaffected",
"modules": [
"Dashboard"
],
"packageName": "typo3/cms-dashboard",
"product": "TYPO3 CMS",
"repo": "https://github.com/TYPO3/typo3",
"vendor": "TYPO3",
"versions": [
{
"lessThan": "10.4.54",
"status": "affected",
"version": "10.0.0",
"versionType": "semver"
},
{
"lessThan": "11.5.48",
"status": "affected",
"version": "11.0.0",
"versionType": "semver"
},
{
"lessThan": "12.4.37",
"status": "affected",
"version": "12.0.0",
"versionType": "semver"
},
{
"lessThan": "13.4.18",
"status": "affected",
"version": "13.0.0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://packagist.org",
"defaultStatus": "unaffected",
"modules": [
"Recycler"
],
"packageName": "typo3/cms-recycler",
"product": "TYPO3 CMS",
"repo": "https://github.com/TYPO3/typo3",
"vendor": "TYPO3",
"versions": [
{
"lessThan": "9.5.55",
"status": "affected",
"version": "9.0.0",
"versionType": "semver"
},
{
"lessThan": "10.4.54",
"status": "affected",
"version": "10.0.0",
"versionType": "semver"
},
{
"lessThan": "11.5.48",
"status": "affected",
"version": "11.0.0",
"versionType": "semver"
},
{
"lessThan": "12.4.37",
"status": "affected",
"version": "12.0.0",
"versionType": "semver"
},
{
"lessThan": "13.4.18",
"status": "affected",
"version": "13.0.0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://packagist.org",
"defaultStatus": "unaffected",
"modules": [
"Workspaces"
],
"packageName": "typo3/cms-workspaces",
"product": "TYPO3 CMS",
"repo": "https://github.com/TYPO3/typo3",
"vendor": "TYPO3",
"versions": [
{
"lessThan": "9.5.55",
"status": "affected",
"version": "9.0.0",
"versionType": "semver"
},
{
"lessThan": "10.4.54",
"status": "affected",
"version": "10.0.0",
"versionType": "semver"
},
{
"lessThan": "11.5.48",
"status": "affected",
"version": "11.0.0",
"versionType": "semver"
},
{
"lessThan": "12.4.37",
"status": "affected",
"version": "12.0.0",
"versionType": "semver"
},
{
"lessThan": "13.4.18",
"status": "affected",
"version": "13.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Elias H\u00e4u\u00dfler"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Elias H\u00e4u\u00dfler"
}
],
"datePublic": "2025-09-09T09:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing authorization checks in the Backend Routing of TYPO3 CMS versions 9.0.0\u20119.5.54, 10.0.0\u201110.4.53, 11.0.0\u201111.5.47, 12.0.0\u201112.4.36, and 13.0.0\u201113.4.17 allow backend users to directly invoke AJAX backend routes without having access to the corresponding backend modules."
}
],
"value": "Missing authorization checks in the Backend Routing of TYPO3 CMS versions 9.0.0\u20119.5.54, 10.0.0\u201110.4.53, 11.0.0\u201111.5.47, 12.0.0\u201112.4.36, and 13.0.0\u201113.4.17 allow backend users to directly invoke AJAX backend routes without having access to the corresponding backend modules."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-09T09:01:03.951Z",
"orgId": "f4fb688c-4412-4426-b4b8-421ecf27b14a",
"shortName": "TYPO3"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2025-021"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Broken Access Control in Backend AJAX Routes",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f4fb688c-4412-4426-b4b8-421ecf27b14a",
"assignerShortName": "TYPO3",
"cveId": "CVE-2025-59017",
"datePublished": "2025-09-09T09:01:03.951Z",
"dateReserved": "2025-09-07T19:01:20.436Z",
"dateUpdated": "2025-09-09T19:30:15.708Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-59017\",\"sourceIdentifier\":\"f4fb688c-4412-4426-b4b8-421ecf27b14a\",\"published\":\"2025-09-09T09:15:40.673\",\"lastModified\":\"2025-09-10T13:44:43.430\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Missing authorization checks in the Backend Routing of TYPO3 CMS versions 9.0.0\u20119.5.54, 10.0.0\u201110.4.53, 11.0.0\u201111.5.47, 12.0.0\u201112.4.36, and 13.0.0\u201113.4.17 allow backend users to directly invoke AJAX backend routes without having access to the corresponding backend modules.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"f4fb688c-4412-4426-b4b8-421ecf27b14a\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"LOW\",\"vulnIntegrityImpact\":\"LOW\",\"vulnAvailabilityImpact\":\"LOW\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"f4fb688c-4412-4426-b4b8-421ecf27b14a\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-862\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.0.0\",\"versionEndExcluding\":\"9.5.55\",\"matchCriteriaId\":\"1E866731-B777-4891-B640-782B989C9D4C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.0.0\",\"versionEndExcluding\":\"10.4.54\",\"matchCriteriaId\":\"DECE7F7E-CAF9-4D9A-A2B4-DAEE5254653B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.0.0\",\"versionEndExcluding\":\"11.5.48\",\"matchCriteriaId\":\"0A6E9C36-3060-45FA-978B-902532F7E7FF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.0.0\",\"versionEndExcluding\":\"12.4.37\",\"matchCriteriaId\":\"D342CCDE-6D19-4FBA-B44C-271D3E20435B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.0.0\",\"versionEndExcluding\":\"13.4.18\",\"matchCriteriaId\":\"3513743D-D6B3-4CDE-A513-52F6E499D681\"}]}]}],\"references\":[{\"url\":\"https://typo3.org/security/advisory/typo3-core-sa-2025-021\",\"source\":\"f4fb688c-4412-4426-b4b8-421ecf27b14a\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"cna\": {\"affected\": [{\"collectionURL\": \"https://packagist.org\", \"defaultStatus\": \"unaffected\", \"modules\": [\"Backend\"], \"packageName\": \"typo3/cms-backend\", \"product\": \"TYPO3 CMS\", \"repo\": \"https://github.com/TYPO3/typo3\", \"vendor\": \"TYPO3\", \"versions\": [{\"lessThan\": \"9.5.55\", \"status\": \"affected\", \"version\": \"9.0.0\", \"versionType\": \"semver\"}, {\"lessThan\": \"10.4.54\", \"status\": \"affected\", \"version\": \"10.0.0\", \"versionType\": \"semver\"}, {\"lessThan\": \"11.5.48\", \"status\": \"affected\", \"version\": \"11.0.0\", \"versionType\": \"semver\"}, {\"lessThan\": \"12.4.37\", \"status\": \"affected\", \"version\": \"12.0.0\", \"versionType\": \"semver\"}, {\"lessThan\": \"13.4.18\", \"status\": \"affected\", \"version\": \"13.0.0\", \"versionType\": \"semver\"}]}, {\"collectionURL\": \"https://packagist.org\", \"defaultStatus\": \"unaffected\", \"modules\": [\"Backend User\"], \"packageName\": \"typo3/cms-beuser\", \"product\": \"TYPO3 CMS\", \"repo\": \"https://github.com/TYPO3/typo3\", \"vendor\": \"TYPO3\", \"versions\": [{\"lessThan\": \"9.5.55\", \"status\": \"affected\", \"version\": \"9.0.0\", \"versionType\": \"semver\"}, {\"lessThan\": \"10.4.54\", \"status\": \"affected\", \"version\": \"10.0.0\", \"versionType\": \"semver\"}, {\"lessThan\": \"11.5.48\", \"status\": \"affected\", \"version\": \"11.0.0\", \"versionType\": \"semver\"}, {\"lessThan\": \"12.4.37\", \"status\": \"affected\", \"version\": \"12.0.0\", \"versionType\": \"semver\"}, {\"lessThan\": \"13.4.18\", \"status\": \"affected\", \"version\": \"13.0.0\", \"versionType\": \"semver\"}]}, {\"collectionURL\": \"https://packagist.org\", \"defaultStatus\": \"unaffected\", \"modules\": [\"Dashboard\"], \"packageName\": \"typo3/cms-dashboard\", \"product\": \"TYPO3 CMS\", \"repo\": \"https://github.com/TYPO3/typo3\", \"vendor\": \"TYPO3\", \"versions\": [{\"lessThan\": \"10.4.54\", \"status\": \"affected\", \"version\": \"10.0.0\", \"versionType\": \"semver\"}, {\"lessThan\": \"11.5.48\", \"status\": \"affected\", \"version\": \"11.0.0\", \"versionType\": \"semver\"}, {\"lessThan\": \"12.4.37\", \"status\": \"affected\", \"version\": \"12.0.0\", \"versionType\": \"semver\"}, {\"lessThan\": \"13.4.18\", \"status\": \"affected\", \"version\": \"13.0.0\", \"versionType\": \"semver\"}]}, {\"collectionURL\": \"https://packagist.org\", \"defaultStatus\": \"unaffected\", \"modules\": [\"Recycler\"], \"packageName\": \"typo3/cms-recycler\", \"product\": \"TYPO3 CMS\", \"repo\": \"https://github.com/TYPO3/typo3\", \"vendor\": \"TYPO3\", \"versions\": [{\"lessThan\": \"9.5.55\", \"status\": \"affected\", \"version\": \"9.0.0\", \"versionType\": \"semver\"}, {\"lessThan\": \"10.4.54\", \"status\": \"affected\", \"version\": \"10.0.0\", \"versionType\": \"semver\"}, {\"lessThan\": \"11.5.48\", \"status\": \"affected\", \"version\": \"11.0.0\", \"versionType\": \"semver\"}, {\"lessThan\": \"12.4.37\", \"status\": \"affected\", \"version\": \"12.0.0\", \"versionType\": \"semver\"}, {\"lessThan\": \"13.4.18\", \"status\": \"affected\", \"version\": \"13.0.0\", \"versionType\": \"semver\"}]}, {\"collectionURL\": \"https://packagist.org\", \"defaultStatus\": \"unaffected\", \"modules\": [\"Workspaces\"], \"packageName\": \"typo3/cms-workspaces\", \"product\": \"TYPO3 CMS\", \"repo\": \"https://github.com/TYPO3/typo3\", \"vendor\": \"TYPO3\", \"versions\": [{\"lessThan\": \"9.5.55\", \"status\": \"affected\", \"version\": \"9.0.0\", \"versionType\": \"semver\"}, {\"lessThan\": \"10.4.54\", \"status\": \"affected\", \"version\": \"10.0.0\", \"versionType\": \"semver\"}, {\"lessThan\": \"11.5.48\", \"status\": \"affected\", \"version\": \"11.0.0\", \"versionType\": \"semver\"}, {\"lessThan\": \"12.4.37\", \"status\": \"affected\", \"version\": \"12.0.0\", \"versionType\": \"semver\"}, {\"lessThan\": \"13.4.18\", \"status\": \"affected\", \"version\": \"13.0.0\", \"versionType\": \"semver\"}]}], \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"Elias H\\u00e4u\\u00dfler\"}, {\"lang\": \"en\", \"type\": \"remediation developer\", \"value\": \"Elias H\\u00e4u\\u00dfler\"}], \"datePublic\": \"2025-09-09T09:00:00.000Z\", \"descriptions\": [{\"lang\": \"en\", \"supportingMedia\": [{\"base64\": false, \"type\": \"text/html\", \"value\": \"Missing authorization checks in the Backend Routing of TYPO3 CMS versions 9.0.0\\u20119.5.54, 10.0.0\\u201110.4.53, 11.0.0\\u201111.5.47, 12.0.0\\u201112.4.36, and 13.0.0\\u201113.4.17 allow backend users to directly invoke AJAX backend routes without having access to the corresponding backend modules.\"}], \"value\": \"Missing authorization checks in the Backend Routing of TYPO3 CMS versions 9.0.0\\u20119.5.54, 10.0.0\\u201110.4.53, 11.0.0\\u201111.5.47, 12.0.0\\u201112.4.36, and 13.0.0\\u201113.4.17 allow backend users to directly invoke AJAX backend routes without having access to the corresponding backend modules.\"}], \"metrics\": [{\"cvssV4_0\": {\"Automatable\": \"NOT_DEFINED\", \"Recovery\": \"NOT_DEFINED\", \"Safety\": \"NOT_DEFINED\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"attackVector\": \"NETWORK\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"privilegesRequired\": \"LOW\", \"providerUrgency\": \"NOT_DEFINED\", \"subAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N\", \"version\": \"4.0\", \"vulnAvailabilityImpact\": \"LOW\", \"vulnConfidentialityImpact\": \"LOW\", \"vulnIntegrityImpact\": \"LOW\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"format\": \"CVSS\", \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"problemTypes\": [{\"descriptions\": [{\"cweId\": \"CWE-862\", \"description\": \"CWE-862 Missing Authorization\", \"lang\": \"en\", \"type\": \"CWE\"}]}], \"providerMetadata\": {\"orgId\": \"f4fb688c-4412-4426-b4b8-421ecf27b14a\", \"shortName\": \"TYPO3\", \"dateUpdated\": \"2025-09-09T09:01:03.951Z\"}, \"references\": [{\"tags\": [\"vendor-advisory\"], \"url\": \"https://typo3.org/security/advisory/typo3-core-sa-2025-021\"}], \"source\": {\"discovery\": \"UNKNOWN\"}, \"title\": \"Broken Access Control in Backend AJAX Routes\", \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}}, \"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-59017\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-09-09T19:30:08.547495Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-09-09T19:30:12.423Z\"}}]}",
"cveMetadata": "{\"cveId\": \"CVE-2025-59017\", \"assignerOrgId\": \"f4fb688c-4412-4426-b4b8-421ecf27b14a\", \"state\": \"PUBLISHED\", \"assignerShortName\": \"TYPO3\", \"dateReserved\": \"2025-09-07T19:01:20.436Z\", \"datePublished\": \"2025-09-09T09:01:03.951Z\", \"dateUpdated\": \"2025-09-09T19:30:15.708Z\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…