PT-2025-22143 · Typo3 · Typo3
Jens Jacobsen +1 · Published 2025-05-20 · Updated 2025-05-25 · CVE-2025-47941
CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
TYPO3 versions 12.x prior to 12.4.31 LTS
TYPO3 versions 13.x prior to 13.4.2 LTS
Description
The issue concerns the multifactor authentication (MFA) dialog presented during backend login, which can be bypassed due to insufficient enforcement of access restrictions on all backend routes. Successful exploitation requires valid backend user credentials, as MFA can only be bypassed after successful authentication.
Recommendations
For versions 12.x prior to 12.4.31 LTS, update to TYPO3 version 12.4.31 LTS to fix the problem.
For versions 13.x prior to 13.4.2 LTS, update to TYPO3 version 13.4.2 LTS to fix the problem.
Weakness Enumeration
Authentication Bypass Using an Alternate Path or Channel
Affected Products
Typo3