CVE-2025-59019

EPSS 0.07%

TYPO3 CSV download feature information disclosure

發布日:2025/9/9修改日:2025/9/9

描述

Missing authorization checks in the CSV download feature of TYPO3 CMS versions 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑13.4.17 allow backend users to disclose information from arbitrary database tables stored within the users' web mounts without having access to them.

受影響套件(2)

Packagist/typo3/cms-backend>= 12.0.0, < 12.4.37
Packagist/typo3/cms-recordlist>= 11.0.0, < 12.4.37

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 4.0	—	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

參考連結(3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2025-59019
WEBhttps://github.com/TYPO3-CMS/backend/commit/c983415f062c32f8edbb78544a0ff3219bc35d17
WEBhttps://typo3.org/security/advisory/typo3-core-sa-2025-023