Unauthorized Access Vulnerability in TYPO3 CMS Workspace Module
CVE-2025-59018

7.1HIGH

Key Information:

Vendor: Typo3
Status: Typo3 Cms
Vendor: CVE Published:; 9 September 2025

What is CVE-2025-59018?

The Workspace Module in TYPO3 CMS suffers from missing authorization checks, allowing backend users to access AJAX backend routes without proper permissions. This oversight can lead to the unauthorized disclosure of sensitive information, posing significant risks to data integrity and user privacy.

Affected Version(s)

TYPO3 CMS 9.0.0 < 9.5.55

TYPO3 CMS 10.0.0 < 10.4.54

TYPO3 CMS 11.0.0 < 11.5.48

References

https://typo3.org/security/advisory/typo3-core-sa-2025-021

vendor-advisory

https://www.cve.org/CVERecord?id=CVE-2025-59017

CVSS V4

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 9, 2025
Vulnerability Reserved
Sep 7, 2025

Credit

Oliver Hader

Typo3

What is CVE-2025-59018?

Affected Version(s)

References

CVSS V4

Timeline

Credit