CVE-2025-59016

Name of the Vulnerable Software and Affected Versions: TYPO3 CMS versions 9.0.0 through 9.5.54 TYPO3 CMS versions 10.0.0 through 10.4.53 TYPO3 CMS versions 11.0.0 through 11.5.47 TYPO3 CMS versions 12.0.0 through 12.4.36 TYPO3 CMS versions 13.0.0 through 13.4.17

Description: The File Abstraction Layer in TYPO3 CMS is susceptible to disclosing full file paths through error messages generated during failed low-level file-system operations. This allows backend users to potentially gain access to sensitive information.

Recommendations: TYPO3 CMS versions 9.0.0 through 9.5.54: At the moment, there is no information about a newer version that contains a fix for this vulnerability. TYPO3 CMS versions 10.0.0 through 10.4.53: At the moment, there is no information about a newer version that contains a fix for this vulnerability. TYPO3 CMS versions 11.0.0 through 11.5.47: At the moment, there is no information about a newer version that contains a fix for this vulnerability. TYPO3 CMS versions 12.0.0 through 12.4.36: At the moment, there is no information about a newer version that contains a fix for this vulnerability. TYPO3 CMS versions 13.0.0 through 13.4.17: At the moment, there is no information about a newer version that contains a fix for this vulnerability.