Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-47940

TYPO3 is an open source, PHP based web content management system. Starting in version 10.0.0 and prior to versions 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, and 13.4.12 LTS, administrator-level backend users without system maintainer privileges can escalate their privileges and gain system maintainer access. Exploiting this vulnerability requires a valid administrator account. Users should update to TYPO3 version 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, or 13.4.12 LTS to fix the problem.

Published

2025-05-20T14:15:50.950

Last Modified

2025-09-03T17:24:07.460

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.2 (HIGH)

Weaknesses

Type: Secondary
CWE-283

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	typo3	typo3	< 10.4.50	Yes
Application	typo3	typo3	< 11.5.44	Yes
Application	typo3	typo3	< 12.4.31	Yes
Application	typo3	typo3	< 13.4.12	Yes

References

https://github.com/TYPO3/typo3/security/advisories/GHSA-6frx-j292-c844 Vendor Advisory ([email protected])
https://typo3.org/security/advisory/typo3-core-sa-2025-016 Vendor Advisory ([email protected])