CVE Details
Basic Information
| Title |
CVE-2025-47939 |
| Type |
cve |
| Published |
2025-05-20T14:15:50 |
| Last Seen |
2025-05-20T14:26:25 |
CVSS Information
| Base Score |
5.4 (MEDIUM) |
| Attack Vector |
NETWORK |
| Attack Complexity |
LOW |
| Privileges Required |
LOW |
| User Interaction |
NONE |
| Scope |
UNCHANGED |
| Confidentiality Impact |
NONE |
| Integrity Impact |
LOW |
| Availability Impact |
LOW |
AI Analysis
| AI Description |
TYPO3’s file management module allows authenticated users to upload arbitrary files, potentially leading to remote code execution if malicious files are uploaded and executed. This vulnerability is mitigated by the requirement of backend user authentication and the need for specific configurations to execute uploaded files. |
| AI Severity |
Medium |
| Vendor |
TYPO3 |
| Product |
TYPO3 CMS |
| Affected Version |
|
Additional Information
| CVE List |
CVE-2025-47939 |
| CWE List |
CWE-434, CWE-351 |
| Bulletin Family |
cve |
Description
TYPO3 is an open source, PHP based web content management system. By design, the file management module in TYPO3’s backend user interface has historically allowed the upload of any file type, with the exception of those that are directly…
CVSS Score Summary
Base Score: %!f(string=#) (MEDIUM)
View Full CVE Details
