Open Redirect and SSRF Vulnerability in TYPO3 Content Management Framework
CVE-2024-55892

Currently unrated

Key Information:

Vendor: TYPO3
Vendor: CVE Published:; 14 January 2025

What is CVE-2024-55892?

The TYPO3 Content Management Framework is susceptible to open redirect and server-side request forgery (SSRF) attacks when it processes external URLs provided through query parameters. This vulnerability occurs if the framework improperly validates the host of the parsed URL, potentially allowing unintended access to internal resources. To mitigate this risk, users must update to the listed secure versions of TYPO3 as no immediate workarounds are available.

References

https://github.com/TYPO3/typo3/security/advisories/GHSA-2...

https://typo3.org/security/advisory/typo3-core-sa-2025-002

Timeline

Vulnerability published
Jan 14, 2025