PT-2025-22138 · Typo3 · Typo3
Published: 2025-05-20 · Updated: 2025-09-03 · CVE-2025-47936
CVSS v3.1: 4.4 (Medium)
Vector: AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions:
    TYPO3 versions 12.x prior to 12.4.31 LTS
    TYPO3 versions 13.x prior to 13.4.2 LTS
Description: The issue concerns Cross-Site Request Forgery (CSRF) in Webhooks, which adversaries can exploit to make the TYPO3 instance send requests to internal resources such as localhost or other services on the local network. Exploitation requires an administrator-level backend user account. It lets attackers reach systems that would otherwise be unreachable from outside.
Recommendations: For TYPO3 versions 12.x prior to 12.4.31 LTS, update to version 12.4.31 LTS to fix the problem. For TYPO3 versions 13.x prior to 13.4.2 LTS, update to version 13.4.12 LTS to fix the problem.
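The description above is the classic webhook-destination problem: a backend user supplies a URL and the server fetches it, so a destination on localhost or the internal network is reached with the server's own network position. The following is an added example of a defensive destination check, written for this page and not code from TYPO3 or from the fix referenced in this advisory. The hostnames and the resolver table are constructed so the example runs offline; `default_resolver`, `static_resolver`, `is_public_ip` and `validate_webhook_target` are names chosen here.

```python
"""Outbound-destination check for user-configured webhook URLs.

Added example (not TYPO3 code). Rejects targets that resolve to loopback,
private, link-local, or otherwise non-public addresses, checks every record
a name resolves to (a name with one public and one private record must fail),
and returns the address it validated so the HTTP client can connect to that
address directly instead of resolving the name a second time.
"""
import ipaddress
import socket
from typing import Callable, Iterable

from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
Resolver = Callable[[str], Iterable[str]]

# Constructed resolver table so the example runs offline. 8.8.8.8 is only a
# stand-in for "some public address"; the names are invented.
STATIC_RESOLVER: dict[str, list[str]] = {
    "hooks.example.net": ["8.8.8.8"],                   # ordinary public endpoint
    "localhost": ["127.0.0.1", "::1"],                  # loopback
    "metadata.internal": ["169.254.169.254"],           # link-local (cloud metadata style)
    "rebind.example.net": ["8.8.8.8", "10.0.0.5"],      # mixed public/private records
    "mapped.example.net": ["::ffff:10.0.0.5"],          # IPv4-mapped IPv6 hiding a private v4
}


def default_resolver(host: str) -> list[str]:
    """System DNS via getaddrinfo. This also normalises odd IPv4 spellings
    (decimal "2130706433", hex "0x7f000001"), which is why the IP check is
    applied to the resolved addresses rather than to the hostname text."""
    infos = socket.getaddrinfo(host, None, type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def static_resolver(host: str) -> list[str]:
    """Offline stand-in for default_resolver using the constructed table."""
    try:
        return STATIC_RESOLVER[host]
    except KeyError:
        raise socket.gaierror(f"unresolvable host (constructed table): {host}")


def is_public_ip(addr: str) -> bool:
    """True only for globally routable unicast addresses."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped          # ::ffff:10.0.0.5 is really 10.0.0.5
    # is_global already excludes loopback, RFC 1918, link-local, CGNAT,
    # documentation and reserved ranges; multicast is excluded separately.
    return ip.is_global and not ip.is_multicast


def validate_webhook_target(url: str, resolve: Resolver = default_resolver) -> str:
    """Return the single address the client should connect to, or raise ValueError."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    if parts.username is not None or parts.password is not None:
        raise ValueError("userinfo in webhook URL is not allowed")
    host = parts.hostname
    if not host:
        raise ValueError("webhook URL has no host")
    parts.port  # raises ValueError on a malformed port
    try:
        ipaddress.ip_address(host)
        addrs = [host]                       # IP literal: nothing to resolve
    except ValueError:
        try:
            addrs = list(resolve(host))
        except socket.gaierror as exc:
            raise ValueError(f"cannot resolve {host!r}") from exc
    if not addrs:
        raise ValueError(f"{host!r} resolved to no addresses")
    bad = [a for a in addrs if not is_public_ip(a)]
    if bad:
        raise ValueError(f"{host!r} resolves to non-public address(es): {bad}")
    return addrs[0]


def is_allowed_target(url: str, resolve: Resolver = default_resolver) -> bool:
    """Convenience wrapper: True if validate_webhook_target accepts the URL."""
    try:
        validate_webhook_target(url, resolve)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for candidate in ("https://hooks.example.net/notify", "http://localhost:8080/",
                      "http://169.254.169.254/latest/", "http://rebind.example.net/",
                      "http://mapped.example.net/", "ftp://hooks.example.net/"):
        try:
            print(f"allow  {candidate} -> {validate_webhook_target(candidate, static_resolver)}")
        except ValueError as err:
            print(f"reject {candidate}: {err}")
```

Two design points matter in practice. First, the check is done on resolved addresses and the validated address is returned so the caller can connect to it directly (pinning it, for instance via a custom connection adapter) rather than letting the HTTP library resolve the name again, which closes the window for a DNS answer that changes between check and connect. Second, the HTTP client must not follow redirects automatically, since a public endpoint can otherwise redirect the server to an internal address after validation; each redirect target has to be run through the same check.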

Exploit

Fix

SSRF

Weakness Enumeration

Related Identifiers

BDU:2025-05949
CVE-2025-47936
GHSA-P4XX-M758-3HPX

Affected Products

Typo3