Vulnerability Database

308,485

Total vulnerabilities in the database

CVE-2025-59017

Missing authorization checks in the Backend Routing of TYPO3 CMS versions 9.0.0‑9.5.54, 10.0.0‑10.4.53, 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑13.4.17 allow backend users to directly invoke AJAX backend routes without having access to the corresponding backend modules.

CVSS v3:

  • Severity: High
  • Score: 8.8
  • AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

Software From Fixed in
Composer icon typo3 / cms-workspaces 9.0.0 12.4.37
Composer icon typo3 / cms-workspaces 10.0.0 12.4.37
Composer icon typo3 / cms-workspaces 11.0.0 12.4.37
Composer icon typo3 / cms-workspaces 12.0.0 12.4.37
Composer icon typo3 / cms-workspaces 13.0.0 13.4.18
Composer icon typo3 / cms-recycler 9.0.0 12.4.37
Composer icon typo3 / cms-recycler 10.0.0 12.4.37
Composer icon typo3 / cms-recycler 11.0.0 12.4.37
Composer icon typo3 / cms-recycler 12.0.0 12.4.37
Composer icon typo3 / cms-recycler 13.0.0 13.4.18
Composer icon typo3 / cms-dashboard 10.0.0 12.4.37
Composer icon typo3 / cms-dashboard 11.0.0 12.4.37
Composer icon typo3 / cms-dashboard 12.0.0 12.4.37
Composer icon typo3 / cms-dashboard 13.0.0 13.4.18
Composer icon typo3 / cms-beuser 13.0.0 13.4.18
Composer icon typo3 / cms-beuser 12.0.0 12.4.37
Composer icon typo3 / cms-beuser 11.0.0 12.4.37
Composer icon typo3 / cms-beuser 10.0.0 12.4.37
Composer icon typo3 / cms-beuser 9.0.0 12.4.37
Composer icon typo3 / cms-backend 9.0.0 12.4.37
Composer icon typo3 / cms-backend 10.0.0 12.4.37
Composer icon typo3 / cms-backend 11.0.0 12.4.37
Composer icon typo3 / cms-backend 12.0.0 12.4.37
Composer icon typo3 / cms-backend 13.0.0 13.4.18
typo3 / typo3 9.0.0 9.5.55
typo3 / typo3 10.0.0 10.4.54
typo3 / typo3 11.0.0 11.5.48
typo3 / typo3 12.0.0 12.4.37
typo3 / typo3 13.0.0 13.4.18