Advisory Database
  • Advisories
  • Dependency Scanning
  1. composer
  2. ›
  3. typo3/cms-core
  4. ›
  5. CVE-2025-59013

CVE-2025-59013: TYPO3 CMS has an open‑redirect vulnerability

September 9, 2025

An open‑redirect vulnerability in GeneralUtility::sanitizeLocalUrl of TYPO3 CMS 9.0.0–9.5.54, 10.0.0–10.4.53, 11.0.0–11.5.47, 12.0.0–12.4.36, and 13.0.0–13.4.17 allows an attacker to redirect users to arbitrary external sites, enabling phishing attacks by supplying a manipulated, sanitized URL.

References

  • github.com/TYPO3-CMS/core
  • github.com/TYPO3-CMS/core/commit/862b9da870815132c31119cd85bc454a5010793c
  • github.com/advisories/GHSA-72jf-5fg5-3cw3
  • nvd.nist.gov/vuln/detail/CVE-2025-59013
  • typo3.org/security/advisory/typo3-core-sa-2025-017

Code Behaviors & Features

Detect and mitigate CVE-2025-59013 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →

Affected versions

All versions starting from 9.0.0 before 12.4.37, all versions starting from 10.0.0 before 12.4.37, all versions starting from 11.0.0 before 12.4.37, all versions starting from 12.0.0 before 12.4.37, all versions starting from 13.0.0 before 13.4.18

Fixed versions

  • 12.4.37
  • 12.4.37
  • 12.4.37
  • 12.4.37
  • 13.4.18

Solution

Upgrade to versions 12.4.37, 12.4.37, 12.4.37, 12.4.37, 13.4.18 or above.

Weakness

  • CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

Source file

packagist/typo3/cms-core/CVE-2025-59013.yml

Spotted a mistake? Edit the file on GitLab.

  • Site Repo
  • About GitLab
  • Terms
  • Privacy Statement
  • Contact

Page generated Sat, 04 Oct 2025 12:19:22 +0000.