CVE-2025-59017

unknown

Published 2025-09-09 · Modified 2025-09-09

CVSS v3

—

CVSS v2

—

VIR risk

—

Description

TYPO3 backend modules have Broken Access Control

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.

Package impact

Ecosystem	Package	Vulnerable	Fixed
Packagist	typo3/cms-workspaces	`>=9.0.0,<12.4.37`	`12.4.37`
Packagist	typo3/cms-workspaces	`>=10.0.0,<12.4.37`	`12.4.37`
Packagist	typo3/cms-workspaces	`>=11.0.0,<12.4.37`	`12.4.37`
Packagist	typo3/cms-workspaces	`>=12.0.0,<12.4.37`	`12.4.37`
Packagist	typo3/cms-workspaces	`>=13.0.0,<13.4.18`	`13.4.18`
Packagist	typo3/cms-recycler	`>=9.0.0,<12.4.37`	`12.4.37`
Packagist	typo3/cms-recycler	`>=10.0.0,<12.4.37`	`12.4.37`
Packagist	typo3/cms-recycler	`>=11.0.0,<12.4.37`	`12.4.37`
Packagist	typo3/cms-recycler	`>=12.0.0,<12.4.37`	`12.4.37`
Packagist	typo3/cms-recycler	`>=13.0.0,<13.4.18`	`13.4.18`
Packagist	typo3/cms-dashboard	`>=10.0.0,<12.4.37`	`12.4.37`
Packagist	typo3/cms-dashboard	`>=11.0.0,<12.4.37`	`12.4.37`
Packagist	typo3/cms-dashboard	`>=12.0.0,<12.4.37`	`12.4.37`
Packagist	typo3/cms-dashboard	`>=13.0.0,<13.4.18`	`13.4.18`
Packagist	typo3/cms-beuser	`>=13.0.0,<13.4.18`	`13.4.18`
Packagist	typo3/cms-beuser	`>=12.0.0,<12.4.37`	`12.4.37`
Packagist	typo3/cms-beuser	`>=11.0.0,<12.4.37`	`12.4.37`
Packagist	typo3/cms-beuser	`>=10.0.0,<12.4.37`	`12.4.37`
Packagist	typo3/cms-beuser	`>=9.0.0,<12.4.37`	`12.4.37`
Packagist	typo3/cms-backend	`>=9.0.0,<12.4.37`	`12.4.37`
Packagist	typo3/cms-backend	`>=10.0.0,<12.4.37`	`12.4.37`
Packagist	typo3/cms-backend	`>=11.0.0,<12.4.37`	`12.4.37`
Packagist	typo3/cms-backend	`>=12.0.0,<12.4.37`	`12.4.37`
Packagist	typo3/cms-backend	`>=13.0.0,<13.4.18`	`13.4.18`

References

Verify integrity in audit chain (admin only). AS-IS.