Description

Backend users with access to the redirects module and write permission on the sys_redirect table were able to read, create, and modify any redirect record without restriction to the user’s own file-mounts or web-mounts. This allowed attackers to insert or alter redirects pointing to arbitrary URLs – facilitating phishing or other malicious redirect attacks. This issue affects TYPO3 CMS versions 10.0.0-10.4.54, 11.0.0-11.5.48, 12.0.0-12.4.40, 13.0.0-13.4.22 and 14.0.0-14.0.1.

PUBLISHED Reserved 2025-09-07 | Published 2026-01-13 | Updated 2026-01-13 | Assigner TYPO3

Severity: MEDIUM 5.3 (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N)

Problem types

CWE-862 Missing Authorization

Product status

Default status: unaffected

10.0.0 (semver) before 10.4.55: affected
11.0.0 (semver) before 11.5.49: affected
12.0.0 (semver) before 12.4.41: affected
13.0.0 (semver) before 13.4.23: affected
14.0.0 (semver) before 14.0.2: affected

Credits

Georg Dümmler (reporter)
Elias Häußler (remediation developer)

References

typo3.org/security/advisory/typo3-core-sa-2026-002 vendor-advisory

github.com/...ommit/8a46abd8993e3a5a31a834dcd6c8f91adef57ce4 (Git commit of main branch) patch

github.com/...ommit/bac370df5c1c3fcf5ebc1c030fbd2bec86d6a686 (Git commit of 13.4 branch) patch

github.com/...ommit/fbbae3b9a40d0420207ef7af990cdf1ac0612c0b (Git commit of 12.4 branch) patch

cve.org (CVE-2025-59021)

nvd.nist.gov (CVE-2025-59021)