CVE-2024-25121

7.1 HIGH

📋 TL;DR

This vulnerability in TYPO3 allows authenticated backend users to access files in the fallback storage via the File Abstraction Layer, potentially exposing sensitive file names and contents. It affects TYPO3 installations with backend user accounts and improperly configured file storages. The risk is limited to authenticated users but could lead to information disclosure.

💻 Affected Systems

Products:
  • TYPO3 CMS
Versions: All versions before 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, and 13.0.1
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires a valid backend user account and files in fallback storage within public web root directory.


⚠️ Risk & Real-World Impact

🔴 Worst Case

Authenticated attackers could retrieve sensitive files from the web root directory, potentially exposing configuration files, credentials, or other confidential data.

🟠 Likely Case

Authenticated users with malicious intent could access files they shouldn't have permission to view, leading to information disclosure.

🟢 If Mitigated

With proper access controls and file storage configurations, the impact is minimal as it requires authenticated backend access.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated backend access and knowledge of the DataHandler interface.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, or 13.0.1

Vendor Advisory: https://typo3.org/security/advisory/typo3-core-sa-2024-006

Restart Required: No

Instructions:

1. Back up your TYPO3 installation and database.
2. Update TYPO3 to the patched version for your branch.
3. Clear all caches via the TYPO3 backend.
4. Verify the update was successful.

🔧 Temporary Workarounds

Restrict backend user permissions (applies to: all)

Limit backend user access to only necessary functions and modules, particularly DataHandler operations.

Configure proper file storages (applies to: all)

Ensure all files are stored in properly configured file storages rather than relying on fallback storage.

🧯 If You Can't Patch

  • Implement strict access controls for backend user accounts
  • Monitor DataHandler operations and file access logs for suspicious activity

🔍 How to Verify

Check if Vulnerable:

Check TYPO3 version in the backend under 'Admin Tools > System Information' or via composer show typo3/cms-core

Check Version:

composer show typo3/cms-core | grep version

Verify Fix Applied:

Verify the installed version matches or exceeds the patched versions listed in the advisory
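As an added example (not part of this advisory page or of TYPO3 itself), a small Python helper that parses the output of `composer show typo3/cms-core` and compares the installed version against the fixed release of its branch, using the patched versions listed above. It assumes that branches the advisory does not list never received the fix and that every branch newer than 13.0 was released after it.

```python
import re

# Fixed releases per branch, taken from the advisory text on this page.
FIXED_VERSIONS = {
    (8, 7): (8, 7, 57),
    (9, 5): (9, 5, 46),
    (10, 4): (10, 4, 43),
    (11, 5): (11, 5, 35),
    (12, 4): (12, 4, 11),
    (13, 0): (13, 0, 1),
}


def parse_version(text):
    """Return (major, minor, patch) from text such as 'versions : * v12.4.10'."""
    match = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not match:
        raise ValueError(f"no x.y.z version found in {text!r}")
    return tuple(int(part) for part in match.groups())


def is_vulnerable(version):
    """True when the installed version predates the fixed release of its branch.

    Assumption (not stated on the page): branches the advisory does not list
    never received the fix, and every branch newer than 13.0 postdates it.
    """
    branch = version[:2]
    if branch in FIXED_VERSIONS:
        return version < FIXED_VERSIONS[branch]
    return branch < (13, 0)


def check_installed(composer_output):
    """Turn composer output into a verdict string for CVE-2024-25121."""
    version = parse_version(composer_output)
    label = ".".join(str(p) for p in version)
    if not is_vulnerable(version):
        return f"OK: typo3/cms-core {label} includes the fix for CVE-2024-25121"
    fixed = FIXED_VERSIONS.get(version[:2])
    if fixed:
        hint = "upgrade to " + ".".join(str(p) for p in fixed)
    else:
        hint = "branch has no fixed release; move to a supported branch"
    return f"VULNERABLE: typo3/cms-core {label} ({hint})"


if __name__ == "__main__":
    # Constructed sample output; feed the real command's stdout in practice.
    sample = "name     : typo3/cms-core\nversions : * v12.4.10\n"
    print(check_installed(sample))
```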

📡 Detection & Monitoring

Log Indicators:

  • Unusual DataHandler operations on sys_file entities
  • Access attempts to files in fallback storage

Network Indicators:

  • Unusual backend user activity patterns

SIEM Query:

source="typo3.log" AND ("DataHandler" AND "sys_file")
