CVE-2025-59017

Name of the Vulnerable Software and Affected Versions: TYPO3 CMS versions 9.0.0 through 9.5.54 TYPO3 CMS versions 10.0.0 through 10.4.53 TYPO3 CMS versions 11.0.0 through 11.5.47 TYPO3 CMS versions 12.0.0 through 12.4.36 TYPO3 CMS versions 13.0.0 through 13.4.17

Description: The Backend Routing component lacks proper authorization checks. This allows backend users to directly invoke AJAX backend routes without the necessary access permissions to the corresponding backend modules.

Recommendations: TYPO3 CMS versions 9.0.0 through 9.5.54: At the moment, there is no information about a newer version that contains a fix for this vulnerability. TYPO3 CMS versions 10.0.0 through 10.4.53: At the moment, there is no information about a newer version that contains a fix for this vulnerability. TYPO3 CMS versions 11.0.0 through 11.5.47: At the moment, there is no information about a newer version that contains a fix for this vulnerability. TYPO3 CMS versions 12.0.0 through 12.4.36: At the moment, there is no information about a newer version that contains a fix for this vulnerability. TYPO3 CMS versions 13.0.0 through 13.4.17: At the moment, there is no information about a newer version that contains a fix for this vulnerability.