CVE-2025-59014: TYPO3 Bookmark Toolbar vulnerable to denial of service

September 9, 2025 (updated November 10, 2025)

An uncaught exception in the Bookmark Toolbar of TYPO3 CMS versions 11.0.0–11.5.47, 12.0.0–12.4.36, and 13.0.0–13.4.17 lets administrator‑level backend users trigger a denial‑of‑service condition in the backend user interface by saving manipulated data in the bookmark toolbar.

References

github.com/TYPO3-CMS/backend
github.com/TYPO3-CMS/backend/commit/04db7e25de1d3bb2d082ba68f7f974ccd917cc3f
github.com/advisories/GHSA-xrcq-533q-8rxw
nvd.nist.gov/vuln/detail/CVE-2025-59014
typo3.org/security/advisory/typo3-core-sa-2025-018

Code Behaviors & Features

Detect and mitigate CVE-2025-59014 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →