typo3/cms-backend Security Advisories for v13.4.1 (4)
-
[MEDIUM] TYPO3 CSV download feature information disclosure
PKSA-npmp-rd1w-2fyt CVE-2025-59019 GHSA-j8vm-7q52-2m2m
Affected version: >=13.0.0,<13.4.18|>=12.0.0,<12.4.37
Reported by:
GitHub -
[MEDIUM] TYPO3 backend modules have Broken Access Control
PKSA-27mn-p368-8rxc CVE-2025-59017 GHSA-2fhw-2j7m-mr4m
Affected version: >=13.0.0,<13.4.18|>=12.0.0,<12.4.37|>=11.0.0,<11.5.48|>=10.0.0,<10.4.54|>=9.0.0,<9.5.55
Reported by:
GitHub -
[MEDIUM] TYPO3 Bookmark Toolbar vulnerable to denial of service
PKSA-957f-x856-svyv CVE-2025-59014 GHSA-xrcq-533q-8rxw
Affected version: >=13.0.0,<13.4.18|>=12.0.0,<12.4.37|>=11.0.0,<11.5.48
Reported by:
GitHub -
[HIGH] The TYPO3 CMS Backend has Broken Authentication in Backend MFA
PKSA-7w9w-389g-6rb9 CVE-2025-47941 GHSA-744g-7qm9-hjh9
Affected version: >=13.0.0,<=13.4.11|>=12.0.0,<=12.4.30
Reported by:
GitHub