CVE-2025-59013

MEDIUM EPSS 6.9%
Published Sep 9, 20259mo ago · Modified Jun 17, 20262w ago
5.3 CVSS 4.0
Medium
Find Similar
Published Sep 9, 2025 9mo ago
Last Modified Jun 17, 2026 2w ago

Description

An open‑redirect vulnerability in GeneralUtility::sanitizeLocalUrl of TYPO3 CMS 9.0.0–9.5.54, 10.0.0–10.4.53, 11.0.0–11.5.47, 12.0.0–12.4.36, and 13.0.0–13.4.17 allows an attacker to redirect users to arbitrary external sites, enabling phishing attacks by supplying a manipulated, sanitized URL.

CVSS Details

Base Score
5.3
Exploitability
Impact
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction P
Scope X

Threat Intelligence

EPSS Exploit Probability
6.9% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-601

Affected Products 5

VendorProductVersionRange
typo3typo3*≥9.0.0  –  <9.5.55
typo3typo3*≥10.0.0  –  <10.4.54
typo3typo3*≥11.0.0  –  <11.5.48
typo3typo3*≥12.0.0  –  <12.4.37
typo3typo3*≥13.0.0  –  <13.4.18

References 1

  • typo3.org https://typo3.org/security/advisory/typo3-core-sa-2025-017
    Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.