Data Deletion Vulnerability in TYPO3 CMS by TYPO3
CVE-2025-59022

7.1HIGH

Key Information:

Vendor

Typo3

Status
Typo3 Cms
Vendor
CVE Published:
13 January 2026

What is CVE-2025-59022?

TYPO3 CMS is affected by a serious vulnerability that allows backend users with access to the recycler module to delete arbitrary data from any defined database table, irrespective of their permissions on those tables. This flaw can lead to the unauthorized purge of critical site data, causing potential downtime and unavailability of the entire website. This issue affects multiple versions of TYPO3 CMS, necessitating immediate attention and remediation by administrators to safeguard their data integrity and security.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

TYPO3 CMS 10.0.0 < 10.4.55

TYPO3 CMS 11.0.0 < 11.5.49

TYPO3 CMS 12.0.0 < 12.4.41

References

https://typo3.org/security/advisory/typo3-core-sa-2026-003
vendor-advisory
https://github.com/TYPO3/typo3/commit/336d6f165458a0ce32d...
patch
https://github.com/TYPO3/typo3/commit/efb9528f9882ac924c4...
patch

CVSS V4

Score:
7.1
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Sven JĂĽrgens
Daniel Windloff
Elias Häußler
JSON
.