CVE-2025-59018 HIGH

CVE-2025-59018: Information Disclosure in Workspaces Module

Vendor Typo3

Product TYPO3 CMS

Weakness CWE-200 · Info exposure

Published September 9, 2025

Last update September 11, 2025

View on NVD All CVEs

CVSS base score

7.1/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Missing authorization checks in the Workspace Module of TYPO3 CMS versions 9.0.0‑9.5.54, 10.0.0‑10.4.53, 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑13.4.17 allow backend users to directly invoke the corresponding AJAX backend route to disclose sensitive information without having access.

Key dates

02Disclosure timeline

September 9, 2025 CVE published

September 11, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-59018 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/200.html

Related vulnerabilities

Identifiers

CVE CVE-2025-59018

CWE CWE-200

CVSS 7.1 / HIGH

Affected versions

Vendor Typo3

Product TYPO3 CMS

Affected ≥ 9.0.0 and < 9.5.55

Vendor Typo3

Product TYPO3 CMS

Affected ≥ 10.0.0 and < 10.4.54

Vendor Typo3

Product TYPO3 CMS

Affected ≥ 11.0.0 and < 11.5.48

Vendor Typo3

Product TYPO3 CMS

Affected ≥ 12.0.0 and < 12.4.37

Vendor Typo3

Product TYPO3 CMS

Affected ≥ 13.0.0 and < 13.4.18

CVE-2025-59018: Information Disclosure in Workspaces Module

01Description

02Disclosure timeline

03References

04Related CVE