Open Redirect in TYPO3 CMS
CVE-2025-59013

5.3MEDIUM

Key Information:

Vendor: Typo3
Status: Typo3 Cms
Vendor: CVE Published:; 9 September 2025

What is CVE-2025-59013?

An open‑redirect vulnerability in GeneralUtility::sanitizeLocalUrl of TYPO3 CMS 9.0.0–9.5.54, 10.0.0–10.4.53, 11.0.0–11.5.47, 12.0.0–12.4.36, and 13.0.0–13.4.17 allows an attacker to redirect users to arbitrary external sites, enabling phishing attacks by supplying a manipulated, sanitized URL.

Affected Version(s)

TYPO3 CMS 9.0.0 < 9.5.55

TYPO3 CMS 10.0.0 < 10.4.54

TYPO3 CMS 11.0.0 < 11.5.48

References

https://typo3.org/security/advisory/typo3-core-sa-2025-017

vendor-advisory

CVSS V4

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 9, 2025
Vulnerability Reserved
Sep 7, 2025

Credit

Oliver Hader

Benjamin Franzke

Typo3

What is CVE-2025-59013?

Affected Version(s)

References

CVSS V4

Timeline

Credit