CVE-2025-47940

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-47940
TYPO3 is an open source, PHP based web content management system. Starting in version 10.0.0 and prior to versions 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, and 13.4.12 LTS, administrator-level backend users without system maintainer privileges can escalate their privileges and gain system maintainer access. Exploiting this vulnerability requires a valid administrator account. Users should update to TYPO3 version 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, or 13.4.12 LTS to fix the problem.

7.2 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/TYPO3/typo3/security/advisories/GHSA-6frx-j292-c844 Vendor Advisory
https://typo3.org/security/advisory/typo3-core-sa-2025-016 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*
History

03 Sep 2025, 17:24

Type Values Removed Values Added
CPE cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*
First Time Typo3 typo3
Typo3
References () https://github.com/TYPO3/typo3/security/advisories/GHSA-6frx-j292-c844 - () https://github.com/TYPO3/typo3/security/advisories/GHSA-6frx-j292-c844 - Vendor Advisory
References () https://typo3.org/security/advisory/typo3-core-sa-2025-016 - () https://typo3.org/security/advisory/typo3-core-sa-2025-016 - Vendor Advisory
Summary
  • (es) TYPO3 es un sistema de gestión de contenido web de código abierto basado en PHP. A partir de la versión 10.0.0 y anteriores a las versiones 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS y 13.4.12 LTS, los usuarios de backend con nivel de administrador sin privilegios de mantenimiento del sistema pueden escalar sus privilegios y obtener acceso de mantenimiento del sistema. Para explotar esta vulnerabilidad se requiere una cuenta de administrador válida. Los usuarios deben actualizar a las versiones 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS o 13.4.12 LTS de TYPO3 para solucionar el problema.

20 May 2025, 14:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-05-20 14:15

Updated : 2025-09-03 17:24

NVD link : CVE-2025-47940

Mitre link : CVE-2025-47940

CVE.ORG link : CVE-2025-47940

JSON object : View

Products Affected

typo3

  • typo3
CWE
CWE-283

Unverified Ownership