Description

An uncaught exception in the Bookmark Toolbar of TYPO3 CMS versions 11.0.0–11.5.47, 12.0.0–12.4.36, and 13.0.0–13.4.17 lets administrator‑level backend users trigger a denial‑of‑service condition in the backend user interface by saving manipulated data in the bookmark toolbar.

PUBLISHED Reserved 2025-09-07 | Published 2025-09-09 | Updated 2025-09-09 | Assigner TYPO3




MEDIUM: 5.1 | CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Problem types

CWE-248

Product status

Default status
unaffected

11.0.0 (semver) before 11.5.48
affected

12.0.0 (semver) before 12.4.37
affected

13.0.0 (semver) before 13.4.18
affected

Credits

Jakub Świes reporter

Oliver Hader remediation developer

References

typo3.org/security/advisory/typo3-core-sa-2025-018 vendor-advisory

cve.org (CVE-2025-59014)

nvd.nist.gov (CVE-2025-59014)
