CVE-2025-59018

Missing authorization checks in the Workspace Module of TYPO3 CMS versions 9.0.0‑9.5.54, 10.0.0‑10.4.53, 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑13.4.17 allow backend users to directly invoke the corresponding AJAX backend route to disclose sensitive information without having access.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://typo3.org/security/advisory/typo3-core-sa-2025-022

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:typo3:typo3::::::::
	cpe:2.3:a:typo3:typo3::::::::
	cpe:2.3:a:typo3:typo3::::::::
	cpe:2.3:a:typo3:typo3::::::::
	cpe:2.3:a:typo3:typo3::::::::

History

11 Sep 2025, 21:15

Type	Values Removed	Values Added
References	~~{'url': 'https://typo3.org/security/advisory/typo3-core-sa-2025-021', 'tags': ['Not Applicable'], 'source': 'f4fb688c-4412-4426-b4b8-421ecf27b14a'}~~ ~~{'url': 'https://www.cve.org/CVERecord?id=CVE-2025-59017', 'tags': ['Third Party Advisory', 'Not Applicable'], 'source': 'f4fb688c-4412-4426-b4b8-421ecf27b14a'}~~	() https://typo3.org/security/advisory/typo3-core-sa-2025-022 -

10 Sep 2025, 13:48

Type	Values Removed	Values Added
CPE		cpe:2.3:a:typo3:typo3::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 6.5
First Time		Typo3 typo3 Typo3
References	~~() https://typo3.org/security/advisory/typo3-core-sa-2025-021 -~~	() https://typo3.org/security/advisory/typo3-core-sa-2025-021 - Not Applicable
References	~~() https://www.cve.org/CVERecord?id=CVE-2025-59017 -~~	() https://www.cve.org/CVERecord?id=CVE-2025-59017 - Third Party Advisory, Not Applicable

09 Sep 2025, 09:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-09-09 09:15

Updated : 2025-09-11 21:15

NVD link : CVE-2025-59018

Mitre link : CVE-2025-59018

CVE.ORG link : CVE-2025-59018

JSON object : View

Products Affected

typo3

typo3

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2025-59018", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}], "cvssMetricV40": [{"type": "Secondary", "source": "f4fb688c-4412-4426-b4b8-421ecf27b14a", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.1, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-09-09T09:15:40.907", "references": [{"url": "https://typo3.org/security/advisory/typo3-core-sa-2025-022", "source": "f4fb688c-4412-4426-b4b8-421ecf27b14a"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "f4fb688c-4412-4426-b4b8-421ecf27b14a", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "Missing authorization checks in the Workspace Module of TYPO3 CMS versions 9.0.0\u20119.5.54, 10.0.0\u201110.4.53, 11.0.0\u201111.5.47, 12.0.0\u201112.4.36, and 13.0.0\u201113.4.17 allow backend users to directly invoke the corresponding AJAX backend route to disclose sensitive information without having access."}], "lastModified": "2025-09-11T21:15:34.773", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1E866731-B777-4891-B640-782B989C9D4C", "versionEndExcluding": "9.5.55", "versionStartIncluding": "9.0.0"}, {"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DECE7F7E-CAF9-4D9A-A2B4-DAEE5254653B", "versionEndExcluding": "10.4.54", "versionStartIncluding": "10.0.0"}, {"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0A6E9C36-3060-45FA-978B-902532F7E7FF", "versionEndExcluding": "11.5.48", "versionStartIncluding": "11.0.0"}, {"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D342CCDE-6D19-4FBA-B44C-271D3E20435B", "versionEndExcluding": "12.4.37", "versionStartIncluding": "12.0.0"}, {"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3513743D-D6B3-4CDE-A513-52F6E499D681", "versionEndExcluding": "13.4.18", "versionStartIncluding": "13.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "f4fb688c-4412-4426-b4b8-421ecf27b14a"}