CVE-2024-55892

Medium CVSS: 4.8

TYPO3 is a free and open source Content Management Framework. Applications that use `TYPO3\CMS\Core\Http\Uri` to parse externally provided URLs (e.g., via a query parameter) and validate the host of the parsed URL may be vulnerable to open redirect or SSRF attacks if the URL is used after passing the validation checks. Users are advised to update to TYPO3 versions 9.5.49 ELTS, 10.4.48 ELTS, 11.5.42 LTS, 12.4.25 LTS, 13.4.3 which fix the problem described. There are no known workarounds for this vulnerability.

Vendor

Typo3

Product

Typo3

CWE

CWE-601

Yayın Tarihi

2025-01-14 20:15:28

Güncelleme

2025-08-26 18:55:45

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-601 Typo3 MEDIUM Typo3 2025

Referanslar

https://github.com/TYPO3/typo3/security/advisories/GHSA-2fx5-pggv-6jjr https://typo3.org/security/advisory/typo3-core-sa-2025-002

Benzer Kayıtlar

Medium

CVE-2025-59021

Backend users with access to the redirects module and write permission on the sys_redirect table were able to read, crea…

High

CVE-2025-59022

Backend users who had access to the recycler module could delete arbitrary data from any database table defined in the T…

Medium

CVE-2026-0859

TYPO3's mail‑file spool deserialization flaw lets local users with write access to the spool directory craft a malicious…

Medium

CVE-2025-59020

By exploiting the defVals parameter, attackers could bypass field‑level access checks during record creation in the TYPO…

Medium

CVE-2025-59019

Missing authorization checks in the CSV download feature of TYPO3 CMS versions 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.…

Medium

CVE-2025-59015

A deterministic three‑character prefix in the Password Generation component of TYPO3 CMS versions 12.0.0–12.4.36 and 13.…