TYPO3 CMS Information Disclosure Vulnerability in File Abstraction Layer

Vulnerability

A vulnerability allowing information disclosure has been identified in TYPO3 CMS versions 9.0.0 prior to 9.5.54, 10.0.0 prior to 10.4.53, 11.0.0 prior to 11.5.47, 12.0.0 prior to 12.4.36, and 13.0.0 prior to 13.4.17. This vulnerability arises from error messages in the File Abstraction Layer that unintentionally reveal full file paths. The issue occurs during certain low-level file-system operations that fail, disclosing sensitive information to backend users.

Impact

Exploitation of this vulnerability could lead to unauthorized disclosure of file system paths, potentially allowing for further attacks that rely on knowledge of the file system structure.

Remediation

Users are advised to update to TYPO3 versions 9.5.55 ELTS, 10.4.54 ELTS, 11.5.48 ELTS, 12.4.37 LTS, or 13.4.18 LTS, all of which address this vulnerability.
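To triage installations against the fixed releases listed above, the following added example (not part of the advisory or of TYPO3) reads the core version from a `composer.lock` and reports the release to move to. It assumes a Composer-based installation in which the core is the `typo3/cms-core` package; the lock files and site names are constructed sample data.

```python
import json
import re

# Fixed release per branch, copied from the Remediation paragraph of this advisory.
FIXED = {9: (9, 5, 55), 10: (10, 4, 54), 11: (11, 5, 48),
         12: (12, 4, 37), 13: (13, 4, 18)}


def core_version(lock_text):
    """Return the typo3/cms-core version as a tuple, or None if absent/unparseable."""
    lock = json.loads(lock_text)
    for pkg in lock.get("packages", []) + lock.get("packages-dev", []):
        if pkg.get("name") == "typo3/cms-core":
            # Composer records tags as "v12.4.30" or "12.4.30"; dev branches do not match.
            m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", str(pkg.get("version", "")))
            return tuple(int(p) for p in m.groups()) if m else None
    return None


def triage(lock_text):
    """Classify one installation against the advisory's fixed releases."""
    version = core_version(lock_text)
    if version is None:
        return "not covered: no parseable typo3/cms-core release in lock file"
    fixed = FIXED.get(version[0])
    if fixed is None:
        return "not covered: branch %d.x is not listed in the advisory" % version[0]
    if version < fixed:
        return "update to " + ".".join(str(p) for p in fixed)
    return "patched"


def make_lock(version):
    """Build a minimal constructed composer.lock for the sample run below."""
    return json.dumps({"packages": [{"name": "typo3/cms-core", "version": version}]})


# Constructed inventory: hypothetical site name -> locked core version.
SAMPLES = {"intranet": "v12.4.30", "shop": "13.4.18", "legacy": "v8.7.32",
           "staging": "dev-main", "archive": "v9.5.54"}

if __name__ == "__main__":
    for site, locked in SAMPLES.items():
        print("%-9s %-9s -> %s" % (site, locked, triage(make_lock(locked))))
```

A "not covered" result means the advisory does not address that installation, not that it is unaffected, so it needs a manual check.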

Added: Sep 9, 2025, 9:20 AM
Updated: Sep 9, 2025, 5:00 PM

Vulnerability Rating

Custom Algorithm

spread: 6.4
impact: 2.5
exploitability: 5.4
remediation: 7.7
relevance: 0.5
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.