TYPO3 security update 13.4.18, 12.4.37
The TYPO3 Security Team has released new TYPO3 versions today. These close seven security gaps.
TYPO3-CORE-SA-2025-017: Open Redirect in TYPO3 CMS
Affected component: TYPO3 CMS
Severity: medium
Affected TYPO3 versions: 9.0.0-9.5.54, 10.0.0-10.4.53, 11.0.0-11.5.47, 12.0.0-12.4.36, 13.0.0-13.4.17
Details: TYPO3 checks that redirect targets are local addresses, but attackers can bypass this check and redirect users to external sites. This enables phishing attacks or other manipulation.
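To illustrate the class of check this advisory concerns, the following added example (not TYPO3's own code) validates a redirect target as "local" while rejecting the usual bypasses of a naive "starts with a slash" test; the allow-list host `www.example.org` is a constructed sample.

```python
from urllib.parse import urlsplit

# Constructed sample allow-list of hosts that count as "local" for this site.
ALLOWED_HOSTS = {"www.example.org"}


def is_local_redirect(target: str, allowed_hosts: frozenset = frozenset(ALLOWED_HOSTS)) -> bool:
    """Return True only when `target` stays on the local site.

    Accepts a site-relative path ("/path") or an absolute http(s) URL whose
    host is in `allowed_hosts`. Everything else is rejected.
    """
    # Control characters, whitespace and backslashes are never legitimate here:
    # browsers strip tabs/newlines and treat '\' like '/', so "/\host" acts as "//host".
    if not target or any(c <= " " or c == "\\" for c in target):
        return False
    try:
        parts = urlsplit(target)
        port = parts.port  # raises ValueError on malformed ports or IPv6 literals
    except ValueError:
        return False
    if parts.scheme == "" and parts.netloc == "":
        # Relative target: exactly one leading slash. "//host" is protocol-relative,
        # and "///host" is also resolved to an authority by browsers.
        return target.startswith("/") and not target.startswith("//")
    if parts.scheme not in ("http", "https"):
        return False  # javascript:, data:, mailto: etc. are not redirect targets
    if parts.username is not None or parts.password is not None:
        return False  # "https://www.example.org@other.test/" style user-info tricks
    if port not in (None, 80, 443):
        return False
    # .hostname is already lower-cased and stripped of port and user-info.
    return (parts.hostname or "") in allowed_hosts


if __name__ == "__main__":
    for candidate in ("/typo3/index.php", "//other.test/", "/\\other.test",
                      "https://www.example.org/", "https://www.example.org@other.test/"):
        print(f"{candidate!r}: {'allowed' if is_local_redirect(candidate) else 'rejected'}")
```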
TYPO3-CORE-SA-2025-018: Denial of Service in TYPO3 Bookmark Toolbar
Affected component: TYPO3 CMS
Severity: medium
Affected TYPO3 versions: 11.0.0-11.5.47, 12.0.0-12.4.36, 13.0.0-13.4.17
Details: Manipulated data in the bookmark toolbar of the TYPO3 backend can render the backend unusable. This blocks access for the affected users, but exploiting it requires an administrator account.
TYPO3-CORE-SA-2025-019: Insufficient Entropy in Password Generation
Affected component: TYPO3 CMS
Severity: medium
Affected TYPO3 versions: 12.0.0-12.4.36, 13.0.0-13.4.17
Details: The automatic password generation creates passwords with a predictable beginning. This makes the generated passwords less secure than expected.
TYPO3-CORE-SA-2025-020: Information Disclosure via File Abstraction Layer
Affected component: TYPO3 CMS
Severity: medium
Affected TYPO3 versions: 9.0.0-9.5.54, 10.0.0-10.4.53, 11.0.0-11.5.47, 12.0.0-12.4.36, 13.0.0-13.4.17
Details: If certain file operations fail, the full path of the file is disclosed. Exploiting this requires valid backend access.
TYPO3-CORE-SA-2025-021: Broken Access Control in Backend AJAX Routes
Affected component: TYPO3 CMS
Severity: medium
Affected TYPO3 versions: 9.0.0-9.5.54, 10.0.0-10.4.53, 11.0.0-11.5.47, 12.0.0-12.4.36, 13.0.0-13.4.17
Details: Some AJAX interfaces in the backend did not check user rights correctly. This allowed logged-in users to read, change or delete data, even without the necessary module rights.
TYPO3-CORE-SA-2025-022: Information Disclosure in Workspaces Module
Affected component: TYPO3 CMS
Severity: high
Affected TYPO3 versions: 9.0.0-9.5.54, 10.0.0-10.4.53, 11.0.0-11.5.47, 12.0.0-12.4.36, 13.0.0-13.4.17
Details: An insecure AJAX interface in the Workspaces module allowed logged-in users to retrieve data from arbitrary database tables. This made it possible to access sensitive information without having the necessary rights.
TYPO3-CORE-SA-2025-023: Information Disclosure via CSV Download
Affected component: TYPO3 CMS
Severity: medium
Affected TYPO3 versions: 11.0.0-11.5.47, 12.0.0-12.4.36, 13.0.0-13.4.17
Details: The CSV export in the backend was missing a rights check. This allowed logged-in users to download data from database tables to which they should not have access, although only within their own page tree.
This page contains automatically translated content.
