typo3/cms-core Security Advisories for v12.4.20 (5)
- [HIGH] TYPO3 Allows Privilege Escalation to System Maintainer
PKSA-2ssc-6m7w-s9xh CVE-2025-47940 GHSA-6frx-j292-c844
Affected version: >=13.0.0,<=13.4.11|>=12.0.0,<=12.4.30|>=11.0.0,<=11.5.43|>=10.4.0,<=10.4.49
Reported by: GitHub
- [MEDIUM] TYPO3 Allows Unrestricted File Upload in File Abstraction Layer
PKSA-q3vc-nbpk-d1gk CVE-2025-47939 GHSA-9hq9-cr36-4wpj
Affected version: >=13.0.0,<=13.4.11|>=12.0.0,<=12.4.30|>=11.0.0,<=11.5.43|>=10.0.0,<=10.4.49|>=9.0.0,<=9.5.50
Reported by: GitHub
- [LOW] TYPO3 Unverified Password Change for Backend Users
PKSA-6d7x-2gs8-wr59 CVE-2025-47938 GHSA-3jrg-97f3-rqh9
Affected version: >=13.0.0,<=13.4.11|>=12.0.0,<=12.4.30|>=11.0.0,<=11.5.43|>=10.0.0,<=10.4.49|>=9.0.0,<=9.5.50
Reported by: GitHub
- [LOW] TYPO3 Allows Information Disclosure via DBAL Restriction Handling
PKSA-b5m3-ttcx-cz18 CVE-2025-47937 GHSA-x8pv-fgxp-8v3x
Affected version: >=13.0.0,<=13.4.11|>=12.0.0,<=12.4.30|>=11.0.0,<=11.5.43|>=10.0.0,<=10.4.49|>=9.0.0,<=9.5.50
Reported by: GitHub
- [MEDIUM] TYPO3 Potential Open Redirect via Parsing Differences
PKSA-3gg2-48j5-46ky CVE-2024-55892 GHSA-2fx5-pggv-6jjr
Affected version: >=13.0.0,<=13.4.2|>=12.0.0,<=12.4.24|>=11.0.0,<=11.5.41|>=10.0.0,<=10.4.47|>=9.0.0,<=9.5.48
Reported by: GitHub