PT-2026-2475 · Typo3 · Typo3/Cms
Elias Häußler
+1
·
Published
2026-01-13
·
Updated
2026-01-13
·
CVE-2025-59021
CVSS v3.1
6.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
TYPO3 CMS versions 10.0.0 through 10.4.54
TYPO3 CMS versions 11.0.0 through 11.5.48
TYPO3 CMS versions 12.0.0 through 12.4.40
TYPO3 CMS versions 13.0.0 through 13.4.22
TYPO3 CMS versions 14.0.0 through 14.0.1
Description
Users with backend access to the redirects module and write permission on the
sys redirect table could read, create, and modify any redirect record without restrictions. This allowed for the insertion or alteration of redirects pointing to arbitrary URLs, potentially enabling phishing or other malicious redirect attacks.Recommendations
TYPO3 CMS versions 10.0.0 through 10.4.54 should be updated.
TYPO3 CMS versions 11.0.0 through 11.5.48 should be updated.
TYPO3 CMS versions 12.0.0 through 12.4.40 should be updated.
TYPO3 CMS versions 13.0.0 through 13.4.22 should be updated.
TYPO3 CMS versions 14.0.0 through 14.0.1 should be updated.
Fix
Missing Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Typo3/Cms