TYPO3 Privilege Escalation Vulnerability for Backend Users

Vulnerability

A privilege escalation vulnerability has been identified in TYPO3 versions 10.4.0 prior to 10.4.50 ELTS, 11.0.0 prior to 11.5.44 ELTS, 12.0.0 prior to 12.4.30, and 13.0.0 prior to 13.4.11. This vulnerability allows administrator-level backend users without system maintainer privileges to escalate their privileges and gain system maintainer access. Exploitation requires a valid administrator account.

Impact

Exploitation of this vulnerability allows for unauthorized privilege escalation, enabling users to gain system maintainer access, which includes elevated rights and capabilities within the TYPO3 backend.

Remediation

Users are advised to update TYPO3 to versions 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, or 13.4.12 LTS.
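The following is an added example, not part of the original advisory or of TYPO3 itself: a triage check that reads the core version from a composer.lock file and compares it with the fixed releases listed under Remediation. It assumes a Composer-based install where the core is the typo3/cms-core package; the sample lock fragments and site names are constructed.

```python
import json
import re

# Per major version: (lower bound of the affected range from the
# Vulnerability section, fixed release from the Remediation section).
RANGES = {
    10: ((10, 4, 0), (10, 4, 50)),
    11: ((11, 0, 0), (11, 5, 44)),
    12: ((12, 0, 0), (12, 4, 31)),
    13: ((13, 0, 0), (13, 4, 12)),
}

def parse_version(text):
    """Turn 'v12.4.29' or '11.5.44' into an int tuple; None if unparseable."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    return tuple(int(p) for p in m.groups()) if m else None

def core_version(lock_text):
    """Return the typo3/cms-core version string from composer.lock text."""
    lock = json.loads(lock_text)
    for pkg in lock.get("packages", []):
        if pkg.get("name") == "typo3/cms-core":
            return pkg.get("version")
    return None

def triage(lock_text):
    """Classify one install: 'update', 'fixed', 'not-listed' or 'unknown'."""
    raw = core_version(lock_text)
    ver = parse_version(raw) if raw else None
    if ver is None:
        return "unknown"        # core package missing, or a dev/branch version
    bounds = RANGES.get(ver[0])
    if bounds is None or ver < bounds[0]:
        return "not-listed"     # release line not covered by this advisory
    return "update" if ver < bounds[1] else "fixed"

# Constructed composer.lock fragments, not taken from real sites.
SAMPLES = {
    "intranet": '{"packages":[{"name":"typo3/cms-core","version":"v11.5.44"}]}',
    "shop": '{"packages":[{"name":"typo3/cms-core","version":"v12.4.29"}]}',
    "legacy": '{"packages":[{"name":"typo3/cms-core","version":"v9.5.40"}]}',
    "staging": '{"packages":[{"name":"typo3/cms-core","version":"dev-main"}]}',
}

if __name__ == "__main__":
    for site, lock in SAMPLES.items():
        print(f"{site}: {core_version(lock)} -> {triage(lock)}")
```

Installs reported as "unknown" or "not-listed" need a manual check, since the advisory makes no statement about them.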

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 6.4
impact: 5.0
exploitability: 5.0
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.