Open Redirect Vulnerability in TYPO3 CMS by TYPO3
CVE-2025-59013

5.3MEDIUM

Key Information:

Vendor

Typo3

Status
Typo3 Cms
Vendor
CVE Published:
9 September 2025

What is CVE-2025-59013?

An open redirect vulnerability exists in TYPO3 CMS's GeneralUtility::sanitizeLocalUrl. This flaw allows attackers to redirect unsuspecting users to harmful external websites through a manipulated URL. By exploiting this vulnerability, threat actors can conduct phishing attacks, potentially compromising sensitive user information. Users of affected TYPO3 CMS versions are advised to implement security updates and monitor for unusual activity.

Affected Version(s)

TYPO3 CMS 9.0.0 < 9.5.55

TYPO3 CMS 10.0.0 < 10.4.54

TYPO3 CMS 11.0.0 < 11.5.48

References

https://typo3.org/security/advisory/typo3-core-sa-2025-017
vendor-advisory

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Oliver Hader
Benjamin Franzke
JSON
.