typo3/cms-core Security Advisories for v13.4.9 (4)
-
[HIGH] TYPO3 Allows Privilege Escalation to System Maintainer
PKSA-2ssc-6m7w-s9xh CVE-2025-47940 GHSA-6frx-j292-c844
Affected version: >=13.0.0,<=13.4.11|>=12.0.0,<=12.4.30|>=11.0.0,<=11.5.43|>=10.4.0,<=10.4.49
Reported by:
GitHub -
[MEDIUM] TYPO3 Allows Unrestricted File Upload in File Abstraction Layer
PKSA-q3vc-nbpk-d1gk CVE-2025-47939 GHSA-9hq9-cr36-4wpj
Affected version: >=13.0.0,<=13.4.11|>=12.0.0,<=12.4.30|>=11.0.0,<=11.5.43|>=10.0.0,<=10.4.49|>=9.0.0,<=9.5.50
Reported by:
GitHub -
[LOW] TYPO3 Unverified Password Change for Backend Users
PKSA-6d7x-2gs8-wr59 CVE-2025-47938 GHSA-3jrg-97f3-rqh9
Affected version: >=13.0.0,<=13.4.11|>=12.0.0,<=12.4.30|>=11.0.0,<=11.5.43|>=10.0.0,<=10.4.49|>=9.0.0,<=9.5.50
Reported by:
GitHub -
[LOW] TYPO3 Allows Information Disclosure via DBAL Restriction Handling
PKSA-b5m3-ttcx-cz18 CVE-2025-47937 GHSA-x8pv-fgxp-8v3x
Affected version: >=13.0.0,<=13.4.11|>=12.0.0,<=12.4.30|>=11.0.0,<=11.5.43|>=10.0.0,<=10.4.49|>=9.0.0,<=9.5.50
Reported by:
GitHub