Fluid Attacks Database

Description

TYPO3 Potential Open Redirect via Parsing Differences

Problem

Applications that use TYPO3\CMS\Core\Http\Uri to parse externally provided URLs (e.g., via a query parameter) and validate the host of the parsed URL may be vulnerable to open redirect or SSRF attacks if the URL is used after passing the validation checks.

Solution

Update to TYPO3 versions 9.5.49 ELTS, 10.4.48 ELTS, 11.5.42 ELTS, 12.4.25 LTS, 13.4.3 LTS that fix the problem described.

Credits

Thanks to Sam Mush and Christian Eßl who reported this issue and to TYPO3 core & security team member Benjamin Franzke who fixed the issue.

References

TYPO3-CORE-SA-2025-002

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
packagist	typo3/cms-core	>=9.0.0 <9.5.49 \|\| >=10.0.0 <10.4.48 \|\| >=11.0.0 <11.5.42 \|\| >=12.0.0 <12.4.25 \|\| >=13.0.0 <13.4.3	9.5.49, 10.4.48, 11.5.42, 12.4.25, 13.4.3

Aliases

1. CVE-2024-558922. NVD-2024-558923. OSV-2024-558924. GHSA-2fx5-pggv-6jjr5. GCVE-2024-55892

References

1. https://github.com/TYPO3/typo3/security/advisories/GHSA-2fx5-pggv-6jjr2. https://github.com/TYPO3/typo3/commit/a4abf48d254685f43383e6e7f80d48aebaea56af3. https://typo3.org/security/advisory/typo3-core-sa-2025-002