CVE-2025-59021

EUVD-2026-2089

13.01.2026, 12:15

Backend users with access to the redirects module and write permission on the sys_redirect table were able to read, create, and modify any redirect record without restriction to the user’s own file-mounts or web-mounts. This allowed attackers to insert or alter redirects pointing to arbitrary URLs – facilitating phishing or other malicious redirect attacks. This issue affects TYPO3 CMS versions 10.0.0-10.4.54, 11.0.0-11.5.48, 12.0.0-12.4.40, 13.0.0-13.4.22 and 14.0.0-14.0.1.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	6.4 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 1%

Affected Products (NVD)

Vendor	Product	Version
typo3	typo3	10.0.0 ≤ 𝑥 < 10.4.55
typo3	typo3	11.0.0 ≤ 𝑥 < 11.5.49
typo3	typo3	12.0.0 ≤ 𝑥 < 12.4.41
typo3	typo3	13.0.0 ≤ 𝑥 < 13.4.23
typo3	typo3	14.0.0 ≤ 𝑥 < 14.0.2

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-862 - Missing Authorization
The software does not perform an authorization check when an actor attempts to access a resource or perform an action.

References

https://github.com/TYPO3/typo3/commit/8a46abd8993e3a5a31a834dcd6c8f91adef57ce4

https://github.com/TYPO3/typo3/commit/bac370df5c1c3fcf5ebc1c030fbd2bec86d6a686

https://github.com/TYPO3/typo3/commit/fbbae3b9a40d0420207ef7af990cdf1ac0612c0b

https://typo3.org/security/advisory/typo3-core-sa-2026-002