CVE-2025-12998: TYPO3 Modules Extension has Improper Authentication vulnerability

November 12, 2025 (updated November 14, 2025)

Improper Authentication vulnerability in TYPO3 Extension “Modules” codingms/modules. This issue affects Extension “Modules”: before 4.3.11, from 5.0.0 before 5.7.4, from 6.0.0 before 6.4.2, from 7.0.0 before 7.5.5.

References

github.com/advisories/GHSA-49qv-h8pm-73pf
gitlab.com/codingms/typo3-public/modules
gitlab.com/codingms/typo3-public/modules/-/commit/7fe0f9fbf2ea81343e4e8ede5a34c450c58d8ce1
nvd.nist.gov/vuln/detail/CVE-2025-12998
typo3.org/security/advisory/typo3-ext-sa-2025-015

Code Behaviors & Features

Detect and mitigate CVE-2025-12998 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →