PT-2025-22139 · Typo3 · Typo3
Christian Futterlieb
·
Published
2025-05-20
·
Updated
2025-09-03
·
CVE-2025-47937
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
TYPO3 versions 9.0.0 through 9.5.50 ELTS
TYPO3 versions 10.0.0 through 10.4.49 ELTS
TYPO3 versions 11.0.0 through 11.5.43 ELTS
TYPO3 versions 12.0.0 through 12.4.30 LTS
TYPO3 versions 13.0.0 through 13.4.11 LTS
Description:
The issue affects the database abstraction layer (DBAL) in TYPO3. Frontend user group permissions are applied through FrontendGroupRestriction only to the first table of a database query that involves multiple tables (for example a query with joins); the remaining tables are queried without the group condition on their frontend-group enable column (fe_group). As a result, records from those additional tables can be exposed to frontend users who are not members of the group the records are restricted to.
Recommendations:
Update to TYPO3 version 9.5.51 ELTS
Update to TYPO3 version 10.4.50 ELTS
Update to TYPO3 version 11.5.44 ELTS
Update to TYPO3 version 12.4.31 LTS
Update to TYPO3 version 13.4.12 LTS
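To make the behaviour in the description concrete, the following is an added example and not TYPO3 code: a small Python/SQLite model of a restriction container that emits the frontend-group condition either for every queried table (the intended behaviour) or, as in the flawed behaviour, only for the first restrictable table. The table names, the fe_group enable column mapping and every record are constructed for the demonstration; the group membership check emulates MySQL's FIND_IN_SET with a LIKE pattern because SQLite has no such function.

```python
import sqlite3

# Constructed model of the DBAL behaviour described in the advisory.
# This is an added example, not TYPO3 code. Table and column names mimic
# TYPO3 conventions (pages, tt_content, fe_group) but all data is made up.

# Which tables carry a frontend-group enable column. Stands in for
# $GLOBALS['TCA'][$table]['ctrl']['enablecolumns']['fe_group'] (assumption).
FE_GROUP_COLUMNS = {"pages": "fe_group", "tt_content": "fe_group"}


def build_demo_db():
    """Create an in-memory database with constructed sample records."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE pages (uid INTEGER PRIMARY KEY, title TEXT, fe_group TEXT);
        CREATE TABLE tt_content (uid INTEGER PRIMARY KEY, pid INTEGER,
                                 header TEXT, fe_group TEXT);
        INSERT INTO pages VALUES (1, 'Start', ''), (2, 'Members', '2');
        INSERT INTO tt_content VALUES
            (10, 1, 'Welcome', ''),
            (11, 1, 'Member news teaser', '2'),
            (12, 2, 'Member area intro', '');
        """
    )
    return conn


def group_constraint(alias, column, group_ids):
    """SQL visibility test for one table.

    Records without a group restriction (NULL, '' or '0') are public;
    otherwise one of the user's group ids must appear in the comma-separated
    list. The LIKE test emulates MySQL's FIND_IN_SET on SQLite.
    """
    col = f"{alias}.{column}"
    terms = [f"{col} IS NULL", f"{col} = ''", f"{col} = '0'"]
    for gid in group_ids:
        # int() keeps the group id from being interpreted as SQL
        terms.append(f"',' || {col} || ',' LIKE '%,{int(gid)},%'")
    return " OR ".join(terms)


def build_restriction(queried_tables, group_ids, first_table_only):
    """Combine the per-table constraints of all queried tables.

    queried_tables maps alias -> table name in query order (FROM table first,
    then joined tables). first_table_only=True models the flawed behaviour:
    the condition is emitted for the first restrictable table and the
    remaining tables are never checked.
    """
    parts = []
    for alias, table in queried_tables.items():
        column = FE_GROUP_COLUMNS.get(table)
        if column is None:
            continue  # table has no frontend-group column, nothing to restrict
        parts.append(f"({group_constraint(alias, column, group_ids)})")
        if first_table_only:
            break
    return " AND ".join(parts) if parts else "1 = 1"


def visible_rows(conn, group_ids, first_table_only):
    """Run a two-table join as a frontend user with the given group ids."""
    where = build_restriction(
        {"p": "pages", "c": "tt_content"}, group_ids, first_table_only
    )
    sql = (
        "SELECT p.title, c.header FROM pages p "
        "JOIN tt_content c ON c.pid = p.uid "
        f"WHERE {where} ORDER BY p.uid, c.uid"
    )
    return conn.execute(sql).fetchall()


def leaked_rows(conn, group_ids):
    """Rows the first-table-only restriction returns but the full one withholds."""
    full = set(visible_rows(conn, group_ids, first_table_only=False))
    flawed = set(visible_rows(conn, group_ids, first_table_only=True))
    return sorted(flawed - full)


if __name__ == "__main__":
    db = build_demo_db()
    print("anonymous, every table restricted:", visible_rows(db, [], False))
    print("anonymous, first table only:      ", visible_rows(db, [], True))
    print("leaked to anonymous:              ", leaked_rows(db, []))
    print("member of group 2, every table:   ", visible_rows(db, [2], False))
```

Run as a script, the block prints the four result sets. For an anonymous visitor the full restriction returns only the public content element on the public page, while the first-table-only variant also returns the content element restricted to group 2 because only the pages condition was emitted; that row is exactly what leaked_rows reports. Diffing the result sets of a join with and without the group condition applied to each joined table is a quick way to audit custom extension queries in a patched installation.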
Weakness Enumeration
CWE-863 Incorrect Authorization
Related Identifiers
CVE-2025-47937
Affected Products
Typo3