File Upload Vulnerability in TYPO3 Web Content Management System
CVE-2025-47939

5.4 MEDIUM

Key Information:

Vendor: Typo3

Status
Vendor
CVE Published: 20 May 2025

What is CVE-2025-47939?

TYPO3, an open-source PHP web content management system, includes a file management module that permits the upload of various file types without adequate restrictions, including potentially harmful files such as executable binaries or files with misleading extensions. Although these files are not directly executable on the web server, their upload poses indirect risks: security services may flag the website, which negatively affects site availability and reputation. To mitigate this risk, users are advised to update to the latest TYPO3 versions: 9.5.51 ELTS, 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, or 13.4.12 LTS.

Affected Version(s)

typo3 >= 9.0.0, < 9.5.51 < 9.0.0, 9.5.51

typo3 >= 10.0.0, < 10.4.50 < 10.0.0, 10.4.50

typo3 >= 11.0.0, < 11.5.44 < 11.0.0, 11.5.44

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
