CVE-2024-55892
📋 TL;DR
This vulnerability in TYPO3's URI parsing component allows attackers to bypass host validation checks when processing externally provided URLs. This can lead to open redirect attacks (redirecting users to malicious sites) or server-side request forgery (SSRF) attacks (making the server send requests to internal systems). All TYPO3 installations using affected versions with URL parsing functionality are vulnerable.
💻 Affected Systems
- TYPO3 CMS
📦 What is this software?
Typo3 by Typo3
Typo3 by Typo3
Typo3 by Typo3
Typo3 by Typo3
Typo3 by Typo3
⚠️ Risk & Real-World Impact
Worst Case
SSRF attacks could allow attackers to access internal services, exfiltrate sensitive data, or perform internal network reconnaissance. Open redirects could facilitate phishing campaigns by redirecting legitimate users to malicious sites.
Likely Case
Open redirect attacks where attackers trick users into visiting malicious websites through legitimate-looking TYPO3 redirects. Limited SSRF against accessible internal services.
If Mitigated
If proper input validation and URL sanitization are implemented beyond the vulnerable component, impact is minimal.
🎯 Exploit Status
Exploitation requires the application to parse user-provided URLs and use them after validation. No authentication required if vulnerable endpoint is exposed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 9.5.49 ELTS, 10.4.48 ELTS, 11.5.42 LTS, 12.4.25 LTS, 13.4.3
Vendor Advisory: https://typo3.org/security/advisory/typo3-core-sa-2025-002
Restart Required: No
Instructions:
1. Identify your TYPO3 version. 2. Update to the patched version for your release line. 3. Clear all caches after update. 4. Test URL parsing functionality.
🔧 Temporary Workarounds
No workarounds available
allThe vendor advisory states there are no known workarounds for this vulnerability.
🧯 If You Can't Patch
- Implement additional URL validation and sanitization in application code before using parsed URLs
- Restrict access to URL parsing endpoints using web application firewalls or network controls
🔍 How to Verify
Check if Vulnerable:
Check if your TYPO3 installation uses TYPO3\CMS\Core\Http\Uri to parse user-provided URLs and validates hostnames. Review code for URL parsing patterns.Check Version:
Check TYPO3 backend under Admin Tools > System > Environment or run: php typo3/sysext/core/bin/typo3 --versionVerify Fix Applied:
Verify TYPO3 version is updated to patched version and test URL parsing functionality with malicious URLs to ensure proper validation.📡 Detection & Monitoring
Log Indicators:
- Unusual redirect patterns in access logs
- Requests to internal IP addresses from TYPO3 server
- Multiple failed URL validation attempts
Network Indicators:
- TYPO3 server making unexpected outbound HTTP requests
- Redirects to external domains from TYPO3 endpoints
SIEM Query:
source="typo3_access.log" AND (url="*redirect*" OR url="*http://*" OR url="*https://*") AND status=302