TYPO3 CMS Information Disclosure Vulnerability in Workspaces Module

Vulnerability

A vulnerability allowing unauthorized information disclosure has been identified in the Workspaces Module of TYPO3 CMS. This issue affects versions 11.0.0 through 11.5.47, 12.0.0 through 12.4.36, and 13.0.0 through 13.4.17. The vulnerability arises from missing authorization checks in the CSV download feature, which allows backend users to access data from arbitrary database tables within their web mounts, even if they do not have the necessary permissions.

Impact

Exploitation of this vulnerability could give a backend user unauthorized access to sensitive information in database tables the user has no rights to, leading to potential privacy breaches or misuse of data.

Remediation

Users are advised to update TYPO3 to versions 11.5.48 ELTS, 12.4.37 LTS, or 13.4.18 LTS, which address this vulnerability.
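
To check an installation against the version ranges above, the following added example (not part of the original advisory and not TYPO3 project code) reads a composer.lock and classifies the installed Workspaces extension. It assumes a Composer-based install where the extension appears under the package name typo3/cms-workspaces; the sample lock content is constructed.

```python
import json
import re

# Affected ranges and fixed releases, as stated in the advisory text.
AFFECTED = {
    11: ((11, 0, 0), (11, 5, 47), "11.5.48 ELTS"),
    12: ((12, 0, 0), (12, 4, 36), "12.4.37 LTS"),
    13: ((13, 0, 0), (13, 4, 17), "13.4.18 LTS"),
}
PACKAGE = "typo3/cms-workspaces"  # assumed Composer name of the Workspaces module


def parse_version(raw):
    """Return (major, minor, patch), or None for non-release strings such as dev-main."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", raw.strip())
    return tuple(int(p) for p in m.groups()) if m else None


def check_lock(lock_text):
    """Classify a composer.lock; returns (status, installed_version, fixed_release)."""
    lock = json.loads(lock_text)
    pkgs = lock.get("packages", []) + lock.get("packages-dev", [])
    entry = next((p for p in pkgs if p.get("name") == PACKAGE), None)
    if entry is None:
        return ("not-installed", None, None)  # module absent from this lock file
    raw = entry.get("version", "")
    version = parse_version(raw)
    if version is None:
        return ("unknown", raw, None)  # branch or alias build: review manually
    if version[0] not in AFFECTED:
        return ("not-listed", raw, None)  # major version not covered by the advisory
    low, high, fixed = AFFECTED[version[0]]
    if low <= version <= high:
        return ("affected", raw, fixed)
    return ("fixed", raw, None)


# Constructed sample input, not taken from a real site.
SAMPLE_LOCK = json.dumps({"packages": [
    {"name": "typo3/cms-core", "version": "v12.4.36"},
    {"name": "typo3/cms-workspaces", "version": "v12.4.36"},
]})

if __name__ == "__main__":
    print(check_lock(SAMPLE_LOCK))
```

A result of "not-installed" only means the package is missing from the lock file that was checked; installs that are not Composer-based have to be checked by their reported TYPO3 version instead.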

Added: Sep 9, 2025, 9:16 AM
Updated: Sep 9, 2025, 4:58 PM

Vulnerability Rating

Custom Algorithm

spread: 6.4
impact: 2.5
exploitability: 5.4
remediation: 7.7
relevance: 0.5
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.