Information Disclosure via CSV Download_CVE-2025-59019

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Description

Missing authorization checks in the CSV download feature of TYPO3 CMS versions 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑13.4.17 allow backend users to disclose information from arbitrary database tables stored within the users' web mounts without having access to them.

Basic Information

ID CVE-2025-59019

Source TYPO3

Published Sep 9, 2025 at 09:01

Affected Product

Vendor TYPO3

Product TYPO3 CMS

Version 12.0.0

Affected Versions TYPO3 TYPO3 CMS 12.0.0
TYPO3 TYPO3 CMS 13.0.0
TYPO3 TYPO3 CMS 11.0.0

CWE Classification

CWE-200

References

typo3.org /security/advisory/typo3-core-sa-2025-022

{
    "lastseen": "",
    "description": "Missing authorization checks in the CSV download feature of TYPO3 CMS versions 11.0.0\u201111.5.47, 12.0.0\u201112.4.36, and 13.0.0\u201113.4.17 allow backend users to disclose information from arbitrary database tables stored within the users' web mounts without having access to them.",
    "published": "2025-09-09T09:01:17.787Z",
    "modified": "2025-09-09T09:01:17.787Z",
    "type": "cve",
    "title": "Information Disclosure via CSV Download",
    "source": "TYPO3",
    "references": "https://typo3.org/security/advisory/typo3-core-sa-2025-022",
    "id": "CVE-2025-59019",
    "bulletinFamily": "",
    "cwe": [
        "CWE-200"
    ],
    "cvelist": null,
    "sourceData": "TYPO3 TYPO3 CMS 12.0.0\nTYPO3 TYPO3 CMS 13.0.0\nTYPO3 TYPO3 CMS 11.0.0",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "TYPO3 CMS",
    "version": "12.0.0",
    "vendor": "TYPO3",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}