PT-2025-36695 · Typo3 · Typo3/Cms
Benjamin Franzke +1 · Published 2025-09-09 · Updated 2025-09-26 · CVE-2025-59019
CVSS v4.0: 5.3 (Medium)
Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions:
TYPO3 CMS versions 11.0.0 through 11.5.47
TYPO3 CMS versions 12.0.0 through 12.4.36
TYPO3 CMS versions 13.0.0 through 13.4.17
Description:
The CSV download feature lacks proper authorization checks. This allows backend users to disclose information from arbitrary database tables stored within their web mounts, even without having explicit access to those tables.
Recommendations:
Update TYPO3 CMS to a version beyond 11.5.47.
Update TYPO3 CMS to a version beyond 12.4.36.
Update TYPO3 CMS to a version beyond 13.4.17.
Fix
Information Disclosure
Affected Products
Typo3/Cms