Missing authorization checks in the Workspace Module of TYPO3 CMS versions 9.0.0‑9.5.54, 10.0.0‑10.4.53, 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑13.4.17 allow backend users to directly invoke the corresponding AJAX backend route to disclose sensitive information without having access.
References
| Link | Resource |
|---|---|
| https://typo3.org/security/advisory/typo3-core-sa-2025-022 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
26 Sep 2025, 14:08
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://typo3.org/security/advisory/typo3-core-sa-2025-022 - Vendor Advisory |
11 Sep 2025, 21:15
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
|
10 Sep 2025, 13:48
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
| References | () https://typo3.org/security/advisory/typo3-core-sa-2025-021 - Not Applicable | |
| References | () https://www.cve.org/CVERecord?id=CVE-2025-59017 - Third Party Advisory, Not Applicable | |
| First Time |
Typo3 typo3
Typo3 |
|
| CPE | cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:* |
09 Sep 2025, 09:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-09-09 09:15
Updated : 2025-09-26 14:08
NVD link : CVE-2025-59018
Mitre link : CVE-2025-59018
CVE.ORG link : CVE-2025-59018
JSON object : View
Products Affected
typo3
- typo3
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor