CVE-2024-55892

Published: Jan 14, 2025Modified: Aug 26, 2025

6.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

TYPO3 is a free and open source Content Management Framework. Applications that use `TYPO3\CMS\Core\Http\Uri` to parse externally provided URLs (e.g., via a query parameter) and validate the host of the parsed URL may be vulnerable to open redirect or SSRF attacks if the URL is used after passing the validation checks. Users are advised to update to TYPO3 versions 9.5.49 ELTS, 10.4.48 ELTS, 11.5.42 LTS, 12.4.25 LTS, 13.4.3 which fix the problem described. There are no known workarounds for this vulnerability.

Affected (5)

Products: Typo3: Typo3

Typo3

1 product

Typo3

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Typo3 Typo3	From 10.0.0 to 10.4.48
Typo3 Typo3	From 11.0.0 to 11.5.42
Typo3 Typo3	From 12.0.0 to 12.4.25
Typo3 Typo3	From 13.0.0 to 13.4.3
Typo3 Typo3	From 9.0.0 to 9.5.49

Related CWEs

CWE-601

URL Redirection to Untrusted Site ('Open Redirect')

A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.

References (2)

https://github.com/TYPO3/typo3/security/advisories/GHSA-2fx5-pggv-6jjr

Source: security-advisories@github.com

Vendor Advisory

https://typo3.org/security/advisory/typo3-core-sa-2025-002

Source: security-advisories@github.com

Vendor Advisory

Timeline

No history available yet.