TYPO3
cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*
- >= 12.0.0, <= 12.4.30
- >= 13.0.0, <= 13.4.11
A vulnerability exists in TYPO3 versions 12.x prior to 12.4.31 LTS and 13.x prior to 13.4.2 LTS, allowing the multifactor authentication (MFA) dialog to be bypassed during backend login. This issue arises from inadequate enforcement of access restrictions on all backend routes. Exploitation of this vulnerability requires valid backend user credentials, as the MFA bypass can only occur after successful authentication.
Exploitation of this vulnerability allows for bypassing multifactor authentication in the backend, potentially leading to unauthorized access or actions by authenticated users.
Users are advised to update TYPO3 to versions 12.4.31 LTS or 13.4.12 LTS, which address this vulnerability.
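A triage check for the affected ranges listed above, as an added example that is not part of the advisory or of TYPO3 itself. It assumes a Composer-based installation whose `composer.lock` pins the core as `typo3/cms-core`; the sample lock documents are constructed.

```python
import json
import re

# Affected ranges as listed on this page (inclusive bounds).
AFFECTED = [((12, 0, 0), (12, 4, 30)), ((13, 0, 0), (13, 4, 11))]
# Fixed releases named in the remediation text, keyed by major version.
FIXED = {12: "12.4.31", 13: "13.4.12"}


def parse_version(raw):
    """Return (major, minor, patch) for strings like 'v12.4.30', else None."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", raw.strip())
    return tuple(int(p) for p in m.groups()) if m else None


def triage(lock_text, package="typo3/cms-core"):
    """Classify the TYPO3 core version pinned in a composer.lock document."""
    lock = json.loads(lock_text)
    # Either key may be missing or null in a lock file.
    pkgs = (lock.get("packages") or []) + (lock.get("packages-dev") or [])
    for pkg in pkgs:
        if pkg.get("name") != package:
            continue
        raw = pkg.get("version", "")
        ver = parse_version(raw)
        if ver is None:
            # Branch aliases such as 'dev-main' cannot be range-checked.
            return ("unknown", raw, None)
        for low, high in AFFECTED:
            if low <= ver <= high:
                return ("affected", raw, FIXED[ver[0]])
        return ("not-affected", raw, None)
    return ("not-installed", None, None)


# Constructed sample lock files (not taken from any real project).
SAMPLES = {
    "site-a": '{"packages": [{"name": "typo3/cms-core", "version": "v12.4.30"}]}',
    "site-b": '{"packages": [{"name": "typo3/cms-core", "version": "v13.4.12"}]}',
    "site-c": '{"packages": [{"name": "typo3/cms-core", "version": "dev-main"}]}',
    "site-d": '{"packages": [{"name": "psr/log", "version": "3.0.0"}]}',
}

if __name__ == "__main__":
    for site, text in SAMPLES.items():
        print(site, *triage(text))
```

An `unknown` result means the pinned version is a branch alias and has to be checked by hand against the fixed releases.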