PT-2025-22142 · Typo3 · Typo3
Alexander Künzl · Published 2025-05-20 · Updated 2025-05-25
CVE-2025-47940
CVSS v2.0 base score: 9.0 (High); vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
TYPO3 versions 10.0.0 through 10.4.49 ELTS
TYPO3 versions 11.0.0 through 11.5.43 ELTS
TYPO3 versions 12.0.0 through 12.4.30 LTS
TYPO3 versions 13.0.0 through 13.4.11 LTS
Description
The vulnerability allows TYPO3 backend users who hold administrator privileges but are not system maintainers to escalate their privileges and obtain system maintainer access. Exploitation requires a valid backend administrator account.
Recommendations
For versions 10.0.0 through 10.4.49 ELTS, update to version 10.4.50 ELTS.
For versions 11.0.0 through 11.5.43 ELTS, update to version 11.5.44 ELTS.
For versions 12.0.0 through 12.4.30 LTS, update to version 12.4.31 LTS.
For versions 13.0.0 through 13.4.11 LTS, update to version 13.4.12 LTS.
Tags: Exploit · Fix · LPE
Affected Products: Typo3