Unauthorized Access Vulnerability in TYPO3 CMS Workspace Module
CVE-2025-59018

7.1HIGH

Key Information:

Vendor: Typo3
Status: Typo3 Cms
Vendor: CVE Published:; 9 September 2025

What is CVE-2025-59018?

The Workspace Module in TYPO3 CMS suffers from missing authorization checks, allowing backend users to access AJAX backend routes without proper permissions. This oversight can lead to the unauthorized disclosure of sensitive information, posing significant risks to data integrity and user privacy.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

TYPO3 CMS 9.0.0 < 9.5.55

TYPO3 CMS 10.0.0 < 10.4.54

TYPO3 CMS 11.0.0 < 11.5.48

References

https://typo3.org/security/advisory/typo3-core-sa-2025-022

vendor-advisory

CVSS V4

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 9, 2025
Vulnerability Reserved
Sep 7, 2025

Credit

Oliver Hader

JSON

Typo3

What is CVE-2025-59018?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V4

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.