7.2

CVE-2025-47940

EPSS 0.05%
Veröffentlicht 20.05.2025 14:15:50
Zuletzt bearbeitet 03.09.2025 17:24:07
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

TYPO3 is an open source, PHP based web content management system. Starting in version 10.0.0 and prior to versions 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, and 13.4.12 LTS, administrator-level backend users without system maintainer privileges can escalate their privileges and gain system maintainer access. Exploiting this vulnerability requires a valid administrator account. Users should update to TYPO3 version 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, or 13.4.12 LTS to fix the problem.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Typo3 ≫ Typo3 Version >= 10.4.0 < 10.4.50

Typo3 ≫ Typo3 Version >= 11.0.0 < 11.5.44

Typo3 ≫ Typo3 Version >= 12.0.0 < 12.4.31

Typo3 ≫ Typo3 Version >= 13.0.0 < 13.4.12

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.168

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	7.2	1.2	5.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE-283 Unverified Ownership

The product does not properly verify that a critical resource is owned by the proper entity.

https://github.com/TYPO3/typo3/security/advisories/GHSA-6frx-j292-c844

Vendor Advisory

https://typo3.org/security/advisory/typo3-core-sa-2025-016

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-47940

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-47940

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-47940

EUVD