
CVE-2025-47941 – TYPO3 Has Broken Authentication in Backend MFA
https://notcve.org/view.php?id=CVE-2025-47941
20 May 2025 — TYPO3 is an open source, PHP based web content management system. In versions on the 12.x branch prior to 12.4.31 LTS and the 13.x branch prior to 13.4.12 LTS, the multifactor authentication (MFA) dialog presented during backend login can be bypassed because access restrictions are not enforced on all backend routes: a route that is not covered by the MFA check is an alternate path into the backend. Successful exploitation requires valid backend user credentials, as MFA can only be bypassed after successful authentication. Users should update to TYPO3 version 12.4.31 LTS or 13.4.1... • https://github.com/TYPO3/typo3/security/advisories/GHSA-744g-7qm9-hjh9 • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
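The failure mode above is an MFA check that is applied route by route instead of in front of all routes. The following is an added illustration, not TYPO3 code: the route names, the `Session` object and the two gate functions are hypothetical, and the language is Python only because the pattern is framework-independent. It contrasts an opt-in check (only routes someone remembered to list are protected) with a deny-by-default gate that sits before routing.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Session:
    user: Optional[str] = None   # set once the password check succeeds
    mfa_done: bool = False       # set once the second factor succeeds


# Hypothetical backend routes; names are invented for this example.
ROUTES = {
    "/login": "login form",
    "/mfa": "MFA dialog",
    "/dashboard": "dashboard",
    "/records/edit": "record editor",
    "/ajax/records/save": "record save endpoint",
}

# The only routes that must be reachable before MFA has completed.
MFA_EXEMPT = {"/login", "/mfa"}


def vulnerable_gate(path: str, session: Session) -> str:
    """Opt-in enforcement: MFA is checked only on routes someone listed as
    'protected'. A route missing from that list (here the AJAX save endpoint)
    is an alternate path around the dialog (CWE-288)."""
    if path not in ROUTES:
        return "404"
    if session.user is None and path not in MFA_EXEMPT:
        return "redirect:/login"
    protected = {"/dashboard", "/records/edit"}      # incomplete by construction
    if path in protected and not session.mfa_done:
        return "redirect:/mfa"
    return ROUTES[path]


def hardened_gate(path: str, session: Session) -> str:
    """Deny-by-default enforcement in one place, in front of routing: anything
    not explicitly exempt needs a logged-in user AND a completed MFA step."""
    if path not in ROUTES:
        return "404"
    if path in MFA_EXEMPT:
        return ROUTES[path]
    if session.user is None:
        return "redirect:/login"
    if not session.mfa_done:
        return "redirect:/mfa"
    return ROUTES[path]


def demo() -> dict:
    # Attacker state matching the advisory's precondition: valid credentials
    # accepted, second factor not yet supplied.
    half_authenticated = Session(user="editor", mfa_done=False)
    return {
        "vulnerable_dashboard": vulnerable_gate("/dashboard", half_authenticated),
        "vulnerable_ajax": vulnerable_gate("/ajax/records/save", half_authenticated),
        "hardened_ajax": hardened_gate("/ajax/records/save", half_authenticated),
        "hardened_after_mfa": hardened_gate("/ajax/records/save", Session("editor", True)),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The practical check when auditing an application for this class of bug is to enumerate every registered route (including AJAX, API and file-serving endpoints) and confirm that a session with `mfa_done == False` is redirected on all of them, not just on the ones rendered in the main menu.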

CVE-2025-47940 – TYPO3 CMS Vulnerable to Privilege Escalation to System Maintainer
https://notcve.org/view.php?id=CVE-2025-47940
20 May 2025 — TYPO3 is an open source, PHP based web content management system. Starting in version 10.0.0 and prior to versions 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, and 13.4.12 LTS, administrator-level backend users without system maintainer privileges can escalate their privileges and gain system maintainer access. Exploiting this vulnerability requires a valid administrator account. Users should update to TYPO3 version 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, or 13.4.12 LTS to fix the problem. • https://github.com/TYPO3/typo3/security/advisories/GHSA-6frx-j292-c844 • CWE-283: Unverified Ownership •

CVE-2025-47939 – TYPO3 CMS Vulnerable to Unrestricted File Upload in File Abstraction Layer
https://notcve.org/view.php?id=CVE-2025-47939
20 May 2025 — TYPO3 is an open source, PHP based web content management system. By design, the file management module in TYPO3’s backend user interface has historically allowed the upload of any file type, with the exception of those that are directly executable in a web server context. This lack of restriction means it is possible to upload files that may be considered potentially harmful, such as executable binaries (e.g., `.exe` files), or files with inconsistent file extensions and MIME types (for example, a file inc... • https://github.com/TYPO3/typo3/security/advisories/GHSA-9hq9-cr36-4wpj • CWE-351: Insufficient Type Distinction CWE-434: Unrestricted Upload of File with Dangerous Type •
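The two problems named in this entry are distinct: file types that are dangerous even though a web server will not execute them (native binaries), and files whose content does not match their declared extension. The following added example, which is not TYPO3's upload code, shows a validator that handles both: a deny list of server-side executable extensions checked on every extension segment, a separate (configurable) deny list of client-side executables, and a magic-byte comparison against the declared type. All lists are constructed for the example and deliberately short.

```python
from typing import Tuple

# Constructed deny lists: extensions a web server may execute server-side, and
# extensions that execute on a client that downloads the file.
SERVER_EXECUTABLE = {"php", "php3", "php5", "phtml", "phar", "cgi", "pl", "py", "sh", "htaccess"}
CLIENT_EXECUTABLE = {"exe", "dll", "msi", "bat", "cmd", "scr", "ps1", "jar"}

# Leading bytes expected for a few declared types (constructed, not exhaustive).
MAGIC = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff", "jpeg": b"\xff\xd8\xff",
    "gif": b"GIF8",
    "pdf": b"%PDF-",
}
# Leading bytes of native executables; rejected unless the extension admits it.
EXECUTABLE_MAGIC = {b"MZ": "pe", b"\x7fELF": "elf", b"\xcf\xfa\xed\xfe": "mach-o"}


def check_upload(filename: str, content: bytes,
                 allow_client_executables: bool = False) -> Tuple[bool, str]:
    """Return (accepted, reason). Every extension segment is checked, so
    'shell.php.png' is caught as well as 'shell.php'."""
    segments = [s.lower() for s in filename.split(".")[1:]]
    ext = segments[-1] if segments else ""

    if any(s in SERVER_EXECUTABLE for s in segments):
        return False, "server-executable extension"

    is_client_exec_ext = ext in CLIENT_EXECUTABLE
    if is_client_exec_ext and not allow_client_executables:
        return False, "client-executable extension"

    # A binary that claims to be something harmless is always refused; this is
    # the 'inconsistent extension and content' case from the advisory.
    for magic, kind in EXECUTABLE_MAGIC.items():
        if content.startswith(magic) and not is_client_exec_ext:
            return False, f"{kind} executable disguised as .{ext or '(none)'}"

    if ext in MAGIC and not content.startswith(MAGIC[ext]):
        return False, f"content does not look like .{ext}"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample uploads.
    for name, data in [("shell.php", b"<?php "), ("logo.png", b"MZ\x90\x00"),
                       ("logo.png", b"\x89PNG\r\n\x1a\n\x00"), ("tool.exe", b"MZ\x90\x00")]:
        print(name, check_upload(name, data))
```

Magic-byte checks are a consistency test, not a parser: a file that starts with a valid PNG header can still carry a PHP payload later in the body, which is why the server-side executable deny list stays in force regardless of content, and why uploaded files should be served from a location where the web server will never interpret them.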

CVE-2025-47938 – TYPO3 Vulnerable to Unverified Password Change for Backend Users
https://notcve.org/view.php?id=CVE-2025-47938
20 May 2025 — TYPO3 is an open source, PHP based web content management system. Starting in version 9.0.0 and prior to versions 9.5.51 ELTS, 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, and 13.4.12 LTS, the backend user management interface allows password changes without requiring the current password. When an administrator updates their own account or modifies other user accounts via the admin interface, the current password is not requested for verification. This behavior may lower the protection against unauthorized acce... • https://github.com/TYPO3/typo3/security/advisories/GHSA-3jrg-97f3-rqh9 • CWE-620: Unverified Password Change •

CVE-2025-47937 – TYPO3 Vulnerable to Information Disclosure via DBAL Restriction Handling
https://notcve.org/view.php?id=CVE-2025-47937
20 May 2025 — TYPO3 is an open source, PHP based web content management system. Starting in version 9.0.0 and prior to versions 9.5.51 ELTS, 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, and 13.4.12 LTS, when performing a database query involving multiple tables through the database abstraction layer (DBAL), frontend user permissions are only applied via `FrontendGroupRestriction` to the first table. As a result, data from additional tables included in the same query may be unintentionally exposed to unauthorized users. Users... • https://github.com/TYPO3/typo3/security/advisories/GHSA-x8pv-fgxp-8v3x • CWE-863: Incorrect Authorization •
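To make the multi-table case concrete, here is an added example that is not TYPO3's DBAL code. It builds two small in-memory SQLite tables loosely modelled on `pages` and `tt_content` (constructed data; the `fe_group` semantics are simplified to "0 = public, otherwise a required group id") and runs the same join twice: once with the group restriction applied only to the first table, as the advisory describes, and once with it applied to every table in the query.

```python
import sqlite3
from typing import List, Tuple


def build_db() -> sqlite3.Connection:
    """Constructed sample data: one public page and one members-only page (group 7)."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE pages (uid INTEGER PRIMARY KEY, title TEXT, fe_group INTEGER);
        CREATE TABLE tt_content (uid INTEGER PRIMARY KEY, pid INTEGER,
                                 header TEXT, fe_group INTEGER);
        INSERT INTO pages VALUES (1, 'Public page', 0), (2, 'Members page', 7);
        INSERT INTO tt_content VALUES
            (10, 1, 'Public teaser', 0),
            (11, 2, 'Members-only article body', 0),
            (12, 2, 'Members-only download list', 7);
    """)
    return con


def group_restriction(alias: str, user_groups: List[int]) -> str:
    """Predicate a FrontendGroupRestriction-style helper would add for ONE table."""
    allowed = ",".join(str(g) for g in [0] + sorted(user_groups))
    return f"{alias}.fe_group IN ({allowed})"


def query(con: sqlite3.Connection, user_groups: List[int],
          restrict_all_tables: bool) -> List[Tuple[str, str]]:
    """Join content to its page. With restrict_all_tables=False the predicate is
    only added for the first table (the advisory's behaviour); content element
    11 sits on a members-only page but is itself public, so it leaks."""
    aliases = ["c", "p"]                     # c = tt_content (first), p = pages (joined)
    restricted = aliases if restrict_all_tables else aliases[:1]
    where = " AND ".join(group_restriction(a, user_groups) for a in restricted)
    sql = ("SELECT p.title, c.header FROM tt_content c "
           "JOIN pages p ON p.uid = c.pid "
           f"WHERE {where} ORDER BY c.uid")
    return con.execute(sql).fetchall()


def demo() -> dict:
    con = build_db()
    anonymous: List[int] = []                # visitor with no frontend groups
    return {
        "first_table_only": query(con, anonymous, restrict_all_tables=False),
        "all_tables": query(con, anonymous, restrict_all_tables=True),
        "member_all_tables": query(con, [7], restrict_all_tables=True),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(name, rows)
```

The general rule this demonstrates: an authorisation predicate that is a per-table property (ownership, group membership, visibility) must be emitted once per table alias in the query, not once per query. The same bug shape appears with soft-delete and "hidden" flags, and the cheapest regression test is exactly the one above: a join between a public row and a restricted row, run as an unprivileged user.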

CVE-2025-47936 – TYPO3 Vulnerable to Server Side Request Forgery via Webhooks
https://notcve.org/view.php?id=CVE-2025-47936
20 May 2025 — TYPO3 is an open source, PHP based web content management system. In versions on the 12.x branch prior to 12.4.31 LTS and the 13.x branch prior to 13.4.12 LTS, Webhooks are inherently vulnerable to Server-Side Request Forgery (SSRF), which can be exploited by adversaries to target internal resources (e.g., localhost or other services on the local network). While this is not a vulnerability in TYPO3 itself, it may enable attackers to blindly access systems that would otherwise be inaccessible. An administrator... • https://github.com/TYPO3/typo3/security/advisories/GHSA-p4xx-m758-3hpx • CWE-918: Server-Side Request Forgery (SSRF) •
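A webhook feature that lets an administrator enter an arbitrary URL needs a target check before the server dispatches the request. The following is an added example, not TYPO3's webhook implementation: a validator that allows only http(s) on standard ports, resolves the host name, and rejects any address that is not globally routable. DNS is replaced by a constructed lookup table so the example runs offline; a real implementation calls `socket.getaddrinfo()` and must examine every returned address.

```python
import ipaddress
from typing import List, Tuple
from urllib.parse import urlsplit

# Constructed stand-in for DNS (real code: socket.getaddrinfo on the host).
FAKE_DNS = {
    "hooks.partner.example": ["8.8.8.8"],
    "intranet.corp.example": ["10.20.30.40"],
    "rebind.attacker.example": ["8.8.8.8", "127.0.0.1"],   # mixed answers
    "localhost": ["127.0.0.1"],
}


def resolve(host: str) -> List[str]:
    return FAKE_DNS.get(host.lower(), [])


def is_public(ip_str: str) -> bool:
    """ipaddress.is_global is False for loopback, RFC 1918, link-local
    (169.254.0.0/16, which includes cloud metadata endpoints), CGNAT,
    documentation prefixes and IPv6 ULA, so a single test covers them all."""
    return ipaddress.ip_address(ip_str).is_global


def validate_webhook_target(url: str) -> Tuple[bool, str]:
    """Return (allowed, detail). Deny by default: anything that cannot be
    parsed, resolved and shown to be a public address is refused."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, "scheme not allowed"
    host = parts.hostname
    if not host:
        return False, "no host"
    try:
        if parts.port not in (None, 80, 443):
            return False, "port not allowed"
    except ValueError:
        return False, "invalid port"
    try:
        addrs = [str(ipaddress.ip_address(host))]   # literal IPv4/IPv6 target
    except ValueError:
        addrs = resolve(host)                        # DNS name; hex/octal forms fall here too
    if not addrs:
        return False, "unresolvable host"
    for addr in addrs:
        if not is_public(addr):
            return False, f"{addr} is not a public address"
    return True, ",".join(addrs)


if __name__ == "__main__":
    for candidate in ["https://hooks.partner.example/in", "http://localhost/admin",
                      "http://169.254.169.254/latest/meta-data/", "http://[::1]/",
                      "http://rebind.attacker.example/", "file:///etc/passwd"]:
        print(candidate, validate_webhook_target(candidate))
```

Two caveats a practitioner would add. First, validating the name and then letting the HTTP client resolve it again allows DNS rebinding; the client should connect to the address that was validated (pin it, or validate inside the client's connection hook). Second, the client must not follow redirects automatically, since a public host can 302 the request to an internal one. Because the advisory notes that an administrator-level account is required, this check is a hardening measure for a trusted role rather than a fix for unauthenticated exposure.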

CVE-2025-24856
https://notcve.org/view.php?id=CVE-2025-24856
16 Mar 2025 — An issue was discovered in the oidc (aka OpenID Connect Authentication) extension before 4.0.0 for TYPO3. The account linking logic allows a pre-hijacking attack, leading to Account Takeover. The attack can only be exploited if the following requirements are met: (1) an attacker can anticipate the e-mail address of the user, (2) an attacker can register a public frontend user account using that e-mail address before the user's first OIDC login, and (3) the IDP returns an email field containing the e-mail ad... • https://github.com/xperseguers/t3ext-oidc/commit/877e09f6faf4c87bbb41233112ec7e30d3c902b3 • CWE-348: Use of Less Trusted Source •
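The account-linking logic described here is a textbook pre-hijacking case: the IdP's email claim is used as proof that the caller owns whatever local account already carries that address. The following added example is not the oidc extension's code; it models the three preconditions from the advisory with an in-memory user store and contrasts a linking routine that keys on email with one that keys on the stable `sub` claim and refuses to auto-link a pre-existing locally registered account.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass
class Account:
    email: str
    origin: str                         # "local" (self-registered) or "oidc"
    oidc_subject: Optional[str] = None  # IdP `sub` once linked


class UserStore:
    """Hypothetical frontend user table keyed by e-mail address."""
    def __init__(self) -> None:
        self.by_email: Dict[str, Account] = {}

    def register_local(self, email: str) -> Account:
        acct = Account(email=email, origin="local")
        self.by_email[email] = acct
        return acct


def vulnerable_link(store: UserStore, claims: Dict) -> Account:
    """Uses the IdP's email claim to find and silently claim an existing account
    (CWE-348). The attacker who pre-registered that address keeps their password
    and now shares the account with the victim's OIDC identity."""
    acct = store.by_email.get(claims["email"])
    if acct is None:
        acct = Account(claims["email"], "oidc", claims["sub"])
        store.by_email[claims["email"]] = acct
    else:
        acct.oidc_subject = claims["sub"]
    return acct


def hardened_link(store: UserStore, claims: Dict) -> Tuple[Optional[Account], str]:
    """Identity is the stable `sub`; email only locates candidates. An existing
    account that was not created through OIDC is never linked automatically:
    the user first has to prove control of it (re-authenticate, or confirm via
    the existing address), which this function signals as a refusal."""
    if not claims.get("email_verified", False):
        return None, "refused: email not verified by IdP"
    acct = store.by_email.get(claims["email"])
    if acct is None:
        acct = Account(claims["email"], "oidc", claims["sub"])
        store.by_email[claims["email"]] = acct
        return acct, "created"
    if acct.oidc_subject == claims["sub"]:
        return acct, "login"
    if acct.origin == "local" and acct.oidc_subject is None:
        return None, "refused: local account exists, confirmation required"
    return None, "refused: account bound to a different subject"


def demo() -> Dict[str, object]:
    # Constructed ID-token claims for the victim's first OIDC login. Signature,
    # issuer, audience and expiry are assumed to have been verified already.
    victim_claims = {"sub": "idp|victim", "email": "victim@example.com",
                     "email_verified": True}
    # Pre-hijack: the attacker registers a local account with the victim's
    # address before the victim ever logs in through OIDC.
    s1 = UserStore()
    s1.register_local("victim@example.com")
    taken_over = vulnerable_link(s1, victim_claims)
    s2 = UserStore()
    s2.register_local("victim@example.com")
    blocked, reason = hardened_link(s2, victim_claims)
    return {"vulnerable_origin": taken_over.origin,
            "vulnerable_subject": taken_over.oidc_subject,
            "hardened_result": blocked, "hardened_reason": reason}


if __name__ == "__main__":
    print(demo())
```

The hardened variant also covers the opposite direction of the same bug: when a local registration later arrives for an address that an OIDC-created account already holds, the registration flow must verify the address before creating the account, or the attacker simply reverses the order of operations.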

CVE-2024-55892 – Potential Open Redirect via Parsing Differences in TYPO3
https://notcve.org/view.php?id=CVE-2024-55892
14 Jan 2025 — TYPO3 is a free and open source Content Management Framework. Applications that use `TYPO3\CMS\Core\Http\Uri` to parse externally provided URLs (e.g., via a query parameter) and validate the host of the parsed URL may be vulnerable to open redirect or SSRF attacks if the URL is used after passing the validation checks. Users are advised to update to TYPO3 versions 9.5.49 ELTS, 10.4.48 ELTS, 11.5.42 LTS, 12.4.25 LTS, 13.4.3 which fix the problem described. There are no known workarounds for this vulnerabilit... • https://github.com/TYPO3/typo3/security/advisories/GHSA-2fx5-pggv-6jjr • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
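"Parsing differences" means that the component validating the host and the component that finally acts on the URL (here, the user's browser) disagree about where the host ends. The following added example does not use `TYPO3\CMS\Core\Http\Uri`; it reproduces the same class of mismatch with Python's standard-library parser against a small approximation of the WHATWG rule that browsers apply to http(s) URLs (a backslash ends the authority just like a slash). The allowlist and `browser_host` helper are constructed for the example.

```python
from typing import Optional
from urllib.parse import urlsplit, urlunsplit

TRUSTED_HOSTS = {"www.example.org"}   # constructed allowlist of redirect targets


def naive_is_safe(url: str) -> bool:
    """Validates the host with one parser and then hands the raw string to a
    different consumer. The standard library treats '\\' as an ordinary
    character inside the authority, so the host it sees is what follows '@'."""
    return urlsplit(url).hostname in TRUSTED_HOSTS


def browser_host(url: str) -> str:
    """Approximation of WHATWG host extraction for special (http/https) schemes:
    '\\' terminates the authority like '/', and the host is the part of the
    authority after the last '@', without any port."""
    _scheme, rest = url.split(":", 1)
    rest = rest.lstrip("/\\")
    authority = ""
    for ch in rest:
        if ch in "/\\?#":
            break
        authority += ch
    host = authority.rsplit("@", 1)[-1]
    return host.split(":", 1)[0].lower()


def hardened_redirect_target(url: str) -> Optional[str]:
    """Return a canonical URL that is safe to redirect to, or None.
    Rather than trying to out-parse every consumer, refuse input that parsers
    are known to disagree on (backslashes, control characters, userinfo) and
    rebuild the target from the parsed components."""
    if "\\" in url or any(ord(c) < 0x21 for c in url):
        return None
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return None                        # also rejects scheme-relative '//evil'
    if "@" in parts.netloc:
        return None                        # userinfo is the classic host-confusion trick
    if parts.hostname not in TRUSTED_HOSTS or parts.port not in (None, 80, 443):
        return None
    return urlunsplit((parts.scheme, parts.hostname, parts.path or "/", parts.query, ""))


if __name__ == "__main__":
    attack = "https://evil.example\\@www.example.org/"
    print("validator host :", urlsplit(attack).hostname)   # www.example.org
    print("browser host   :", browser_host(attack))         # evil.example
    print("naive_is_safe  :", naive_is_safe(attack))        # True: the bypass
    print("hardened       :", hardened_redirect_target(attack))  # None
```

The design point is that a validator should not return a verdict on the input string; it should return the URL it actually validated, reserialised from its own parse, and the redirect must use that value. Where only same-site redirects are ever needed, accepting a relative path and prefixing the site's own origin removes the host-parsing question entirely.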

CVE-2024-55893 – TYPO3 Cross-Site Request Forgery in Log Module
https://notcve.org/view.php?id=CVE-2024-55893
14 Jan 2025 — TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP GET and did not enforce the appropriate HTTP method. Successful exploitation of this vulnerability requires the victim to have an active session on the backen... • https://github.com/TYPO3/typo3/security/advisories/GHSA-cjfr-9f5r-3q93 • CWE-352: Cross-Site Request Forgery (CSRF) CWE-749: Exposed Dangerous Method or Function •

CVE-2024-55894 – TYPO3 Cross-Site Request Forgery in Backend User Module
https://notcve.org/view.php?id=CVE-2024-55894
14 Jan 2025 — TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP GET and did not enforce the appropriate HTTP method. Successful exploitation of this vulnerability requires the victim to have an active session on the backen... • https://github.com/TYPO3/typo3/security/advisories/GHSA-6w4x-gcx3-8p7v • CWE-352: Cross-Site Request Forgery (CSRF) CWE-749: Exposed Dangerous Method or Function •
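The two entries above (CVE-2024-55893 and CVE-2024-55894) describe the same defect in two modules: a deep link that performs a state change on HTTP GET, with no anti-CSRF token, so a link or image tag on any page the logged-in administrator visits triggers the action. One added example serves both; it is not TYPO3's request handling. The handler, route name and request dictionaries are hypothetical, and the token is an HMAC over the session id and the action so that no server-side token table is needed.

```python
import hashlib
import hmac
import secrets
from typing import Any, Dict

SECRET = secrets.token_bytes(32)   # per-process key, constructed for the example


def csrf_token(session_id: str, action: str) -> str:
    """Token bound to both the session and the specific action."""
    return hmac.new(SECRET, f"{session_id}:{action}".encode(), hashlib.sha256).hexdigest()


def vulnerable_clear_log(request: Dict[str, Any]) -> str:
    """Deep-link handler: state change on GET with no token. Any page the admin
    views can trigger it with <img src="https://backend.example/.../log/clear">,
    and the browser attaches the session cookie automatically."""
    if not request.get("session"):
        return "401"
    return "200 log cleared"


def hardened_clear_log(request: Dict[str, Any]) -> str:
    """Enforce the method first, then require a token the attacker's page
    cannot read. Order matters: GET/HEAD must never reach the state change."""
    if not request.get("session"):
        return "401"
    if request.get("method") != "POST":
        return "405 method not allowed"
    supplied = request.get("form", {}).get("csrf", "")
    expected = csrf_token(request["session"], "log/clear")
    if not hmac.compare_digest(supplied, expected):
        return "403 invalid csrf token"
    return "200 log cleared"


def demo() -> Dict[str, str]:
    sid = "admin-session-1"
    forged_get = {"method": "GET", "session": sid}                 # via <img> or <a>
    forged_post = {"method": "POST", "session": sid, "form": {}}   # auto-submitting cross-site form
    wrong_action = {"method": "POST", "session": sid,
                    "form": {"csrf": csrf_token(sid, "users/delete")}}
    legit = {"method": "POST", "session": sid,
             "form": {"csrf": csrf_token(sid, "log/clear")}}
    return {
        "vulnerable_get": vulnerable_clear_log(forged_get),
        "hardened_get": hardened_clear_log(forged_get),
        "hardened_forged_post": hardened_clear_log(forged_post),
        "hardened_wrong_action": hardened_clear_log(wrong_action),
        "hardened_legit": hardened_clear_log(legit),
    }


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name}: {status}")
```

In a real backend the method restriction belongs in the router (declare mutating routes as POST-only) rather than in each handler, so that a new module cannot reintroduce the bug; `SameSite=Lax` or `Strict` on the session cookie and a check of the `Sec-Fetch-Site` request header are useful second layers but do not replace the token.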