PT-2025-22141 · Typo3 · Typo3

Hamed Kohi

·

Published

2025-05-20

·

Updated

2025-05-20

·

CVE-2025-47939

CVSS v2.0

5.5

Medium

Vector AV:N/AC:L/Au:S/C:N/I:P/A:P
Name of the Vulnerable Software and Affected Versions

TYPO3 versions 9.0.0 through 9.5.50 ELTS
TYPO3 versions 10.0.0 through 10.4.49 ELTS
TYPO3 versions 11.0.0 through 11.5.43 ELTS
TYPO3 versions 12.0.0 through 12.4.30 LTS
TYPO3 versions 13.0.0 through 13.4.11 LTS
Description

The file management module in TYPO3's backend user interface accepts uploads of any file type except those that are directly executable in a web server context. Because no further restriction is applied, an authenticated backend user with access to the file module (the CVSS vector above requires single authentication) can upload files that should be treated as potentially harmful, such as executable binaries or files whose extension does not match their actual content (MIME type). The web server does not execute such files, but their presence on the site still carries indirect risk: they can be served to visitors as downloads, and third-party services such as malware scanners or safe-browsing lists may flag the site or block end users' access to it when suspicious files are found.
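A practitioner who runs an affected version, or who has just upgraded and wants to know what was uploaded before the fix, will want to audit the existing upload tree for exactly the two file classes the description names: executable binaries, and files whose content contradicts their extension. The scanner below is an added example written for this advisory, not TYPO3 project code. It assumes a small hand-written magic-byte table (a real deployment would use libmagic / python-magic and the site's own extension allow-list), and the file names and contents it checks are constructed sample data, not real uploads.

```python
"""Audit a TYPO3 fileadmin/ tree for uploads that are executable binaries
or whose leading bytes contradict the extension they were stored under.

Added example for this advisory; not TYPO3 project code. The magic-byte
table, the extension map and the "executable" policy are assumptions made
here. Replace them with libmagic and your own allow-list in production.
"""
from __future__ import annotations

import os
import tempfile
from pathlib import Path

# Assumed, deliberately small magic-byte table: (prefix, content type).
MAGIC: list[tuple[bytes, str]] = [
    (b"\x7fELF", "elf"),
    (b"MZ", "pe"),
    (b"\xfe\xed\xfa\xce", "macho"),
    (b"\xfe\xed\xfa\xcf", "macho"),
    (b"\xcf\xfa\xed\xfe", "macho"),
    (b"\xce\xfa\xed\xfe", "macho"),
    (b"\xca\xfe\xba\xbe", "macho"),  # also Java .class; treated as binary here
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"\xff\xd8\xff", "jpeg"),
    (b"GIF87a", "gif"),
    (b"GIF89a", "gif"),
    (b"%PDF-", "pdf"),
    (b"PK\x03\x04", "zip"),
]

# Assumed map from extension to the content type it is expected to carry.
EXT_TO_TYPE: dict[str, str] = {
    ".png": "png", ".jpg": "jpeg", ".jpeg": "jpeg", ".gif": "gif",
    ".pdf": "pdf", ".zip": "zip", ".docx": "zip", ".xlsx": "zip",
}

# Content types that should never sit in a public upload tree.
EXECUTABLE_TYPES = {"elf", "pe", "macho"}


def sniff(head: bytes) -> str | None:
    """Return the content type implied by the leading bytes, or None if unknown."""
    for magic, kind in MAGIC:
        if head.startswith(magic):
            return kind
    return None


def inspect(path: Path) -> str | None:
    """Return a finding for a suspicious file, or None if it looks consistent.

    Only the first 16 bytes are read, so the scan is cheap even on large trees.
    """
    with path.open("rb") as fh:
        head = fh.read(16)
    actual = sniff(head)
    expected = EXT_TO_TYPE.get(path.suffix.lower())
    if actual in EXECUTABLE_TYPES:
        return f"executable binary ({actual})"
    if expected is not None and actual is not None and actual != expected:
        return f"extension says {expected}, content is {actual}"
    return None


def scan(root: Path) -> list[tuple[str, str]]:
    """Walk root and return (relative POSIX path, finding) for every suspicious file."""
    findings: list[tuple[str, str]] = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            finding = inspect(p)
            if finding:
                findings.append((p.relative_to(root).as_posix(), finding))
    return sorted(findings)


# Constructed sample upload tree (not real data): two clean files, one PDF
# stored as .png, an ELF header hidden under .txt, and a Windows PE stub.
SAMPLE_FILES: dict[str, bytes] = {
    "user_upload/logo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 32,
    "user_upload/report.pdf": b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n",
    "user_upload/invoice.png": b"%PDF-1.4\n",
    "user_upload/tools/helper.txt": b"\x7fELF\x02\x01\x01" + b"\x00" * 9,
    "user_upload/setup.exe": b"MZ\x90\x00",
}


def build_sample_tree(root: Path) -> None:
    """Write the constructed sample files under root."""
    for rel, data in SAMPLE_FILES.items():
        p = root / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(data)


def demo() -> list[tuple[str, str]]:
    """Build the sample tree in a temp dir, scan it and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_sample_tree(root)
        return scan(root)


if __name__ == "__main__":
    # Point scan() at your real fileadmin/ directory instead of demo() to audit a site.
    for rel, finding in demo():
        print(f"{rel}: {finding}")
```

Two caveats follow from how the check is built. A file with an unknown extension and unknown magic (for example a `.txt` containing plain text) is not flagged, which is correct for this purpose but means the scan is an allow-list on content, not a proof of safety. And the extension map only catches mismatches for types it knows, so a `.png` holding, say, an HTML document passes until the table is extended; extend both tables, or swap in libmagic, before relying on the result for a real site.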
Recommendations

Update to the fixed release for your branch:

TYPO3 9.5.51 ELTS
TYPO3 10.4.50 ELTS
TYPO3 11.5.44 ELTS
TYPO3 12.4.31 LTS
TYPO3 13.4.12 LTS

Weakness Enumeration

Unrestricted File Upload

Related Identifiers

BDU:2025-06005
CVE-2025-47939
GHSA-9HQ9-CR36-4WPJ

Affected Products

Typo3