Information Disclosure via File Abstraction Layer
CVE-2025-59016

5.3MEDIUM

Key Information:

Vendor: Typo3
Status: Typo3 Cms
Vendor: CVE Published:; 9 September 2025

What is CVE-2025-59016?

Error messages containing sensitive information in the File Abstraction Layer in TYPO3 CMS versions 9.0.0-9.5.54, 10.0.0-10.4.53, 11.0.0-11.5.47, 12.0.0-12.4.36, and 13.0.0-13.4.17 allow backend users to disclose full file paths via failed low-level file-system operations.

Affected Version(s)

TYPO3 CMS 9.0.0 < 9.5.55

TYPO3 CMS 10.0.0 < 10.4.54

TYPO3 CMS 11.0.0 < 11.5.48

References

https://typo3.org/security/advisory/typo3-core-sa-2025-020

vendor-advisory

CVSS V4

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 9, 2025
Vulnerability Reserved
Sep 7, 2025

Credit

Dmitry Petschke

Marc Willmann

Andreas Kienast

Typo3

What is CVE-2025-59016?

Affected Version(s)

References

CVSS V4

Timeline

Credit