CVE-2024-55894
unknown
CVSS v3
—
CVSS v2
—
VIR risk
—
Description
TYPO3 Cross-Site Request Forgery in Backend User Module
Predictions
Exploit likelihood
30%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Packagist | typo3/cms-beuser | >=10.0.0,<10.4.48 | 10.4.48 |
| Packagist | typo3/cms-beuser | >=11.0.0,<11.5.42 | 11.5.42 |
| Packagist | typo3/cms-beuser | >=12.0.0,<12.4.25 | 12.4.25 |
| Packagist | typo3/cms-beuser | >=13.0.0,<13.4.3 | 13.4.3 |
References
- https://github.com/TYPO3/typo3/security/advisories/GHSA-6w4x-gcx3-8p7v
- https://nvd.nist.gov/vuln/detail/CVE-2024-55894
- https://github.com/TYPO3-CMS/beuser/commit/18603efc3a66d3255fdd04eb6bda6b4d6a95abea
- https://github.com/TYPO3-CMS/beuser/commit/1bb317cb2bc0b2f6ba4f758a088f060b36c67f9d
- https://github.com/TYPO3-CMS/beuser/commit/4142112a878f8805234729751bc6b9c0091560ab
- https://github.com/TYPO3-CMS/beuser
- https://typo3.org/security/advisory/typo3-core-sa-2025-004
Verify integrity in audit chain (admin only). AS-IS.