CVE-2025-59013

Name of the Vulnerable Software and Affected Versions: TYPO3 CMS versions 9.0.0 through 9.5.54 TYPO3 CMS versions 10.0.0 through 10.4.53 TYPO3 CMS versions 11.0.0 through 11.5.47 TYPO3 CMS versions 12.0.0 through 12.4.36 TYPO3 CMS versions 13.0.0 through 13.4.17

Description: An open-redirect vulnerability exists in the GeneralUtility::sanitizeLocalUrl function. This allows an attacker to redirect users to arbitrary external sites, potentially enabling phishing attacks through a manipulated, sanitized URL.

Recommendations: TYPO3 CMS versions 9.0.0 through 9.5.54: At the moment, there is no information about a newer version that contains a fix for this vulnerability. TYPO3 CMS versions 10.0.0 through 10.4.53: At the moment, there is no information about a newer version that contains a fix for this vulnerability. TYPO3 CMS versions 11.0.0 through 11.5.47: At the moment, there is no information about a newer version that contains a fix for this vulnerability. TYPO3 CMS versions 12.0.0 through 12.4.36: At the moment, there is no information about a newer version that contains a fix for this vulnerability. TYPO3 CMS versions 13.0.0 through 13.4.17: At the moment, there is no information about a newer version that contains a fix for this vulnerability.