logo

Database

Security controls bypass or absence In typo3/cms-core

Description

TYPO3 Allows Privilege Escalation to System Maintainer

Problem

Administrator-level backend users without system maintainer privileges can escalate their privileges and gain system maintainer access. Exploiting this vulnerability requires a valid administrator account.

Solution

Update to TYPO3 versions 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, 13.4.12 LTS that fix the problem described.

Credits

Thanks to Alexander Künzl for reporting this issue, and to TYPO3 core & security team member Oliver Hader for fixing it.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2025-479402. NVD-2025-479403. OSV-2025-479404. GHSA-6frx-j292-c8445. GCVE-2025-47940

References

1. https://github.com/TYPO3/typo3/security/advisories/GHSA-6frx-j292-c8442. https://github.com/TYPO3-CMS/core/commit/a659cc8c0ae05c44dd7f01d13629cdd2d0b7219b3. https://typo3.org/security/advisory/typo3-core-sa-2025-016

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.