CVE-2024-55922

5.4 MEDIUM

📋 TL;DR

This CSRF vulnerability in TYPO3's backend allows attackers to manipulate or delete form definitions when authenticated backend users interact with malicious URLs. It affects TYPO3 installations with specific misconfigurations. Only users with backend access are vulnerable.

💻 Affected Systems

Products:
  • TYPO3 CMS
Versions: All versions before 11.5.42 ELTS, 12.4.25 LTS, and 13.4.3 LTS
Operating Systems: All
Default Config Vulnerable: ✅ No
Notes: Requires both: security.backend.enforceReferrer disabled AND BE/cookieSameSite set to lax or none

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could delete or modify all form definitions, disrupting form functionality across the website.

🟠

Likely Case

Selective manipulation or deletion of form definitions, causing form submission issues.

🟢

If Mitigated

No impact if proper referrer enforcement and cookie settings are configured.

🌐 Internet-Facing: MEDIUM - Requires user interaction and specific misconfigurations, but backend interfaces may be exposed.
🏢 Internal Only: MEDIUM - Internal users could be targeted via phishing or compromised internal sites.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires authenticated backend user to click malicious link; exploit depends on specific misconfigurations.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 11.5.42 ELTS, 12.4.25 LTS, or 13.4.3 LTS

Vendor Advisory: https://typo3.org/security/advisory/typo3-core-sa-2025-007

Restart Required: No

Instructions:

1. Identify your TYPO3 version.
2. Update to the patched version matching your release line.
3. Clear caches via the Install Tool or CLI.

🔧 Temporary Workarounds

Enable Referrer Enforcement

all

Set the feature toggle security.backend.enforceReferrer to true. In TYPO3 this toggle lives under SYS/features (in LocalConfiguration.php, or config/system/settings.php on v12+), and can be forced from AdditionalConfiguration.php / config/system/additional.php with:

$GLOBALS['TYPO3_CONF_VARS']['SYS']['features']['security.backend.enforceReferrer'] = true;

Configure Secure Cookie Settings

all

Set BE/cookieSameSite to 'strict' (in LocalConfiguration.php, or config/system/settings.php on v12+), or force it from AdditionalConfiguration.php / config/system/additional.php with:

$GLOBALS['TYPO3_CONF_VARS']['BE']['cookieSameSite'] = 'strict';
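As an added example (not part of the advisory or of TYPO3's own code), a small PHP check that applies the two preconditions above to a configuration array shaped like $GLOBALS['TYPO3_CONF_VARS'], with a weak and a hardened sample configuration constructed inline. The fallback values used for absent keys are an assumption about TYPO3's shipped defaults, not something this advisory states.

```php
<?php
declare(strict_types=1);

// Constructed example: reports whether a TYPO3 configuration array still
// meets BOTH preconditions of CVE-2024-55922. $conf is assumed to have the
// shape of $GLOBALS['TYPO3_CONF_VARS'].
function csrfPreconditionsPresent(array $conf): array
{
    // Precondition 1: referrer enforcement disabled.
    // Assumed default when the key is absent: enforced (true).
    $referrerEnforced = (bool)($conf['SYS']['features']['security.backend.enforceReferrer'] ?? true);

    // Precondition 2: backend cookie sent cross-site ('lax' or 'none').
    // Assumed default when the key is absent: 'strict'.
    $sameSite = strtolower((string)($conf['BE']['cookieSameSite'] ?? 'strict'));
    $cookieCrossSite = in_array($sameSite, ['lax', 'none'], true);

    return [
        'referrer_enforced' => $referrerEnforced,
        'cookie_samesite'   => $sameSite,
        'exposed'           => !$referrerEnforced && $cookieCrossSite,
    ];
}

// Weak configuration (constructed): both preconditions met.
$weak = [
    'SYS' => ['features' => ['security.backend.enforceReferrer' => false]],
    'BE'  => ['cookieSameSite' => 'lax'],
];

// Hardened configuration (constructed): the two workarounds applied.
$hardened = [
    'SYS' => ['features' => ['security.backend.enforceReferrer' => true]],
    'BE'  => ['cookieSameSite' => 'strict'],
];

foreach (['weak' => $weak, 'hardened' => $hardened] as $label => $conf) {
    $r = csrfPreconditionsPresent($conf);
    printf(
        "%-8s enforceReferrer=%s cookieSameSite=%-6s -> %s\n",
        $label,
        $r['referrer_enforced'] ? 'on' : 'off',
        $r['cookie_samesite'],
        $r['exposed'] ? 'preconditions PRESENT: patch or apply both workarounds'
                      : 'preconditions absent'
    );
}
```

Run it on the array returned by your real settings file (for example by `include`-ing it) to audit an unpatched instance; only the combination of both findings matters, since either workaround alone removes the precondition.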

🧯 If You Can't Patch

  • Implement both workarounds: enable referrer enforcement and set cookieSameSite to strict
  • Educate backend users about phishing risks and safe browsing practices

🔍 How to Verify

Check if Vulnerable:

Check both the TYPO3 version and the configuration: an instance is affected only if the version is below the patched release for its line AND both misconfigurations (security.backend.enforceReferrer disabled, BE/cookieSameSite set to lax or none) are present.

Check Version:

Check typo3/sysext/core/Classes/Information/Typo3Version.php or Admin Panel

Verify Fix Applied:

Confirm the TYPO3 version is at least 11.5.42 ELTS, 12.4.25 LTS, or 13.4.3 LTS for your release line.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected form definition modifications or deletions in backend logs

Network Indicators:

  • Unusual backend requests with external referrers

SIEM Query:

Search for backend form manipulation events from unexpected IPs or with suspicious referrers

🔗 References
