TYPO3 Open Redirect and SSRF Vulnerability in URI Parsing Component

Vulnerability

A vulnerability allowing open redirect or Server-Side Request Forgery (SSRF) has been identified in TYPO3 applications that use the 'TYPO3\CMS\Core\Http\Uri' component to parse externally provided URLs, such as those received via query parameters. The issue arises when the host of the parsed URL is validated but the supplied URL is then used as-is for the redirect or outbound request, which can lead to unauthorized redirection or SSRF.
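The pattern the advisory describes, as an added illustration that is not TYPO3's own code: the vulnerable variant checks the parsed host but returns the raw input, while the hardened variant emits only the components it validated. The RedirectGuard class and its allow-list are hypothetical; the Uri constructor and PSR-7 accessors are assumed to behave as in TYPO3's component.

```php
<?php
declare(strict_types=1);

// Added illustration, not TYPO3 code. Assumes TYPO3\CMS\Core\Http\Uri
// implements PSR-7 UriInterface; RedirectGuard and the allow-list are constructed.
use TYPO3\CMS\Core\Http\Uri;

final class RedirectGuard
{
    /** @param list<string> $allowedHosts lower-case host names permitted as targets */
    public function __construct(private array $allowedHosts) {}

    // Pattern from the advisory: the host of the parsed URL is validated,
    // but the untouched input string is what is handed to the redirect/request.
    public function vulnerableTarget(string $rawUrl): ?string
    {
        $uri = new Uri($rawUrl);
        if (!in_array(strtolower($uri->getHost()), $this->allowedHosts, true)) {
            return null;
        }
        return $rawUrl; // raw input reused after validation
    }

    // Hardened variant: restrict the scheme, validate the host, and emit only
    // the parsed components, then re-parse the result to confirm the library
    // still sees the same host before it is used.
    public function safeTarget(string $rawUrl): ?string
    {
        $uri = new Uri($rawUrl);
        if (!in_array($uri->getScheme(), ['http', 'https'], true)) {
            return null;
        }
        $host = strtolower($uri->getHost());
        if (!in_array($host, $this->allowedHosts, true)) {
            return null;
        }
        $target = (string) $uri->withUserInfo('')->withHost($host);
        // Round-trip check: reject anything the parser reads differently on re-parse.
        if (strtolower((new Uri($target))->getHost()) !== $host) {
            return null;
        }
        return $target;
    }
}
```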

Impact

Exploitation of this vulnerability could result in open redirect or SSRF attacks, allowing an attacker to manipulate URL redirection or make unauthorized requests to internal services, respectively.

Remediation

Users are advised to update TYPO3 to versions 9.5.49 ELTS, 10.4.48 ELTS, 11.5.42 ELTS, 12.4.25 LTS, or 13.4.3 LTS, all of which address this vulnerability.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating (custom algorithm)

spread          6.4
impact          1.3
exploitability  7.6
remediation     7.7
relevance       0.0
threat          0.0
urgency         2.9
incentive       5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.