CVE-2025-59013

An openredirect vulnerability in GeneralUtility::sanitizeLocalUrl of TYPO3 CMS 9.0.09.5.54, 10.0.010.4.53, 11.0.011.5.47, 12.0.012.4.36, and 13.0.013.4.17 allows an attacker to redirect users to arbitrary external sites, enabling phishing attacks by supplying a manipulated, sanitized URL.
Open Redirect
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.1 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
TYPO3CNA
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 8%
VendorProductVersion
typo3typo3
9.0.0 ≤
𝑥
< 9.5.55
typo3typo3
10.0.0 ≤
𝑥
< 10.4.54
typo3typo3
11.0.0 ≤
𝑥
< 11.5.48
typo3typo3
12.0.0 ≤
𝑥
< 12.4.37
typo3typo3
13.0.0 ≤
𝑥
< 13.4.18
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://typo3.org/security/advisory/typo3-core-sa-2025-017