VDB
CVE-2025-59022
CVE-2025-59022
PUBLISHED
CVSS 7.099999904632568 HIGH
TYPO3 CMS Allows Broken Access Control in Recycler Module
EPSS 0.02% · 5.8th percentile
Risk Scores
CVSS 4.0
7.099999904632568
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS Score
0.02%
5.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| typo3 | cms-recycler | 10.0.0, 11.0.0, 12.0.0 |
| TYPO3 | TYPO3 CMS | 10.0.0, 11.0.0, 12.0.0 |
| typo3 | cms-recycler | 14.0.0, 12.0.0, 11.0.0 |
| typo3 | typo3 | 10.0.0, 11.0.0, 12.0.0 |
Timeline
- Jan 13, 2026 CVE Published
- Jan 13, 2026 EPSS Score
- Jan 13, 2026 PoC Published
- Jan 13, 2026 PoC Published
- Jan 14, 2026 PoC Published
- Jan 16, 2026 EPSS Score
- Jan 19, 2026 EPSS Score
- Jan 22, 2026 EPSS Score
- Jan 24, 2026 PoC Published
- Jan 24, 2026 PoC Published
- Jan 25, 2026 EPSS Score
- Jan 28, 2026 EPSS Score
References
- https://github.com/TYPO3/typo3/security/advisories/GHSA-5j7q-wmh7-cqhg advisory
- https://github.com/TYPO3/typo3/security/advisories/GHSA-p52w-7rhw-9m67 advisory
- https://github.com/TYPO3/typo3/security/advisories/GHSA-6c46-p6j5-3f49 advisory
- https://github.com/TYPO3/typo3/security/advisories/GHSA-7vp9-x248-9vr9 advisory
- https://typo3.org/security/advisory/typo3-core-sa-2026-003 vendor-advisory
- Git commit of main branch patch
- Git commit of 13.4 branch patch
- Git commit of 12.4 branch patch
- https://nvd.nist.gov/vuln/detail/CVE-2025-59022 advisory
- https://github.com/TYPO3/typo3 package