CVSS: 5.3 • EPSS: 0% • CPEs: 4 • EXPL: 0

21 May 2025 — The femanager extension through 8.2.1 for TYPO3 allows Insecure Direct Object Reference. • https://typo3.org/security/advisory/typo3-ext-sa-2025-006 • CWE-425: Direct Request ('Forced Browsing')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

21 May 2025 — The ns_backup extension through 13.0.0 for TYPO3 allows XSS. • https://typo3.org/security/advisory/typo3-ext-sa-2025-007 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.6 • EPSS: 0% • CPEs: 2 • EXPL: 0

21 May 2025 — The reint_downloadmanager extension through 5.0.0 for TYPO3 allows Insecure Direct Object Reference. • https://typo3.org/security/advisory/typo3-ext-sa-2025-004 • CWE-425: Direct Request ('Forced Browsing')

CVSS: 8.6 • EPSS: 0% • CPEs: 1 • EXPL: 0

21 May 2025 — The ns_backup extension through 13.0.0 for TYPO3 has a Predictable Resource Location. • https://typo3.org/security/advisory/typo3-ext-sa-2025-007 • CWE-425: Direct Request ('Forced Browsing')

CVSS: 6.5 • EPSS: 0% • CPEs: 4 • EXPL: 0

21 May 2025 — The cs_seo extension through 9.2.0 for TYPO3 allows XSS. • https://typo3.org/security/advisory/typo3-ext-sa-2025-005 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

21 May 2025 — The ns_backup extension through 13.0.0 for TYPO3 allows command injection. • https://typo3.org/security/advisory/typo3-ext-sa-2025-007 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 8.6 • EPSS: 0% • CPEs: 1 • EXPL: 0

21 May 2025 — The sr_feuser_register extension through 12.4.8 for TYPO3 allows Insecure Direct Object Reference. • https://typo3.org/security/advisory/typo3-ext-sa-2025-008 • CWE-425: Direct Request ('Forced Browsing')

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

21 May 2025 — The sr_feuser_register extension through 12.4.8 for TYPO3 allows Remote Code Execution. • https://typo3.org/security/advisory/typo3-ext-sa-2025-008 • CWE-502: Deserialization of Untrusted Data

CVSS: 8.3 • EPSS: 0% • CPEs: 2 • EXPL: 0

20 May 2025 — TYPO3 is an open source, PHP-based web content management system. In versions on the 12.x branch prior to 12.4.31 LTS and the 13.x branch prior to 13.4.2 LTS, the multifactor authentication (MFA) dialog presented during backend login can be bypassed due to insufficient enforcement of access restrictions on all backend routes. Successful exploitation requires valid backend user credentials, as MFA can only be bypassed after successful authentication. Users should update to TYPO3 version 12.4.31 LTS or 13.4.1... • https://github.com/TYPO3/typo3/security/advisories/GHSA-744g-7qm9-hjh9 • CWE-288: Authentication Bypass Using an Alternate Path or Channel

CVSS: 8.3 • EPSS: 0% • CPEs: 4 • EXPL: 0

20 May 2025 — TYPO3 is an open source, PHP-based web content management system. Starting in version 10.0.0 and prior to versions 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, and 13.4.12 LTS, administrator-level backend users without system maintainer privileges can escalate their privileges and gain system maintainer access. Exploiting this vulnerability requires a valid administrator account. Users should update to TYPO3 version 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, or 13.4.12 LTS to fix the problem. • https://github.com/TYPO3/typo3/security/advisories/GHSA-6frx-j292-c844 • CWE-283: Unverified Ownership