typo3/cms-core Security Advisories for v12.4.28 (7)
-
[MEDIUM] TYPO3 CMS exposes sensitive information in an error message
PKSA-ns26-fz7n-2jm8 CVE-2025-59016 GHSA-cvm2-5f78-g9m8
Affected version: >=13.0.0,<13.4.18|>=12.0.0,<12.4.37|>=11.0.0,<11.5.48|>=10.0.0,<10.4.54|>=9.0.0,<9.5.55
Reported by:
GitHub -
[MEDIUM] TYPO3 CMS has an open‑redirect vulnerability
PKSA-pz1k-khnw-3j7j CVE-2025-59013 GHSA-72jf-5fg5-3cw3
Affected version: >=13.0.0,<13.4.18|>=12.0.0,<12.4.37|>=11.0.0,<11.5.48|>=10.0.0,<10.4.54|>=9.0.0,<9.5.55
Reported by:
GitHub -
[MEDIUM] TYPO3 CMS uses insufficient entropy when generating passwords
PKSA-rwv7-ff55-f18g CVE-2025-59015 GHSA-p5jq-5383-qvc7
Affected version: >=13.0.0,<13.4.18|>=12.0.0,<12.4.37
Reported by:
GitHub -
[HIGH] TYPO3 Allows Privilege Escalation to System Maintainer
PKSA-2ssc-6m7w-s9xh CVE-2025-47940 GHSA-6frx-j292-c844
Affected version: >=13.0.0,<=13.4.11|>=12.0.0,<=12.4.30|>=11.0.0,<=11.5.43|>=10.4.0,<=10.4.49
Reported by:
GitHub -
[MEDIUM] TYPO3 Allows Unrestricted File Upload in File Abstraction Layer
PKSA-q3vc-nbpk-d1gk CVE-2025-47939 GHSA-9hq9-cr36-4wpj
Affected version: >=13.0.0,<=13.4.11|>=12.0.0,<=12.4.30|>=11.0.0,<=11.5.43|>=10.0.0,<=10.4.49|>=9.0.0,<=9.5.50
Reported by:
GitHub -
[LOW] TYPO3 Unverified Password Change for Backend Users
PKSA-6d7x-2gs8-wr59 CVE-2025-47938 GHSA-3jrg-97f3-rqh9
Affected version: >=13.0.0,<=13.4.11|>=12.0.0,<=12.4.30|>=11.0.0,<=11.5.43|>=10.0.0,<=10.4.49|>=9.0.0,<=9.5.50
Reported by:
GitHub -
[LOW] TYPO3 Allows Information Disclosure via DBAL Restriction Handling
PKSA-b5m3-ttcx-cz18 CVE-2025-47937 GHSA-x8pv-fgxp-8v3x
Affected version: >=13.0.0,<=13.4.11|>=12.0.0,<=12.4.30|>=11.0.0,<=11.5.43|>=10.0.0,<=10.4.49|>=9.0.0,<=9.5.50
Reported by:
GitHub