Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-59016

Error messages containing sensitive information in the File Abstraction Layer in TYPO3 CMS versions 9.0.0-9.5.54, 10.0.0-10.4.53, 11.0.0-11.5.47, 12.0.0-12.4.36, and 13.0.0-13.4.17 allow backend users to disclose full file paths via failed low-level file-system operations.

Published

2025-09-09T09:15:40.303

Last Modified

2025-09-10T13:43:46.577

Status

Analyzed

Source

f4fb688c-4412-4426-b4b8-421ecf27b14a

Severity

CVSSv3.1: 4.3 (MEDIUM)

Weaknesses

Type: Secondary
CWE-209

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	typo3	typo3	< 9.5.55	Yes
Application	typo3	typo3	≤ 10.4.54	Yes
Application	typo3	typo3	≤ 11.5.48	Yes
Application	typo3	typo3	≤ 12.4.37	Yes
Application	typo3	typo3	≤ 13.4.18	Yes

References

https://typo3.org/security/advisory/typo3-core-sa-2025-020 Vendor Advisory (f4fb688c-4412-4426-b4b8-421ecf27b14a)