CVE-2025-59019
📋 TL;DR
This vulnerability allows authenticated backend users in TYPO3 CMS to download CSV files containing data from database tables they shouldn't have access to, specifically records from web mounts they lack permissions for. It affects TYPO3 CMS installations running an unpatched version that have backend user accounts.
💻 Affected Systems
- TYPO3 CMS
📦 What is this software?
Typo3 by Typo3
⚠️ Risk & Real-World Impact
Worst Case
Privileged backend users could exfiltrate sensitive data from any database table within their web mounts, potentially exposing confidential information, user data, or configuration details.
Likely Case
Backend users with limited permissions could access data beyond their intended scope, leading to information disclosure of non-critical but potentially sensitive data.
If Mitigated
With proper user access controls and monitoring, impact is limited to authorized users accessing data they shouldn't see, but not system compromise.
🎯 Exploit Status
Requires authenticated backend user access; exploitation involves using CSV download feature with crafted parameters
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: TYPO3 v11.5.48, v12.4.37, v13.4.18
Vendor Advisory: https://typo3.org/security/advisory/typo3-core-sa-2025-023
Restart Required: No
Instructions:
1. Update TYPO3 to a patched version (11.5.48, 12.4.37, or 13.4.18).
2. Apply via Composer: composer require typo3/cms-core:~11.5.48 (adjust the version constraint to your branch).
3. Clear caches via the Install Tool or CLI.
🔧 Temporary Workarounds
Disable CSV download feature
Remove or restrict access to the CSV download functionality in the backend
Modify TYPO3 backend configuration to disable CSV export features
Restrict backend user permissions
Limit backend user access to only the necessary modules and functions
Review and tighten backend user group permissions in TYPO3 backend
🧯 If You Can't Patch
- Implement strict access controls and principle of least privilege for all backend users
- Monitor CSV download activities and database access logs for suspicious patterns
🔍 How to Verify
Check if Vulnerable:
Check TYPO3 version in Install Tool or via CLI: php typo3/sysext/core/bin/typo3 --version
Check Version:
php typo3/sysext/core/bin/typo3 --version
Verify Fix Applied:
Confirm the running version is 11.5.48, 12.4.37, or 13.4.18 or later, then test the CSV download as a backend user with limited web mounts to confirm that only records from permitted tables and web mounts are exported.
📡 Detection & Monitoring
Log Indicators:
- Unusual CSV download requests from backend users
- Database queries from CSV export functionality accessing unexpected tables
Network Indicators:
- Large CSV file downloads from backend users
- Patterns of CSV export requests
SIEM Query:
source="typo3.log" AND "CSV" AND "download" AND user NOT IN [authorized_users]
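As an added illustration (not part of this advisory or of TYPO3 itself), the following Python script applies the log indicators above to constructed access-log lines: it flags CSV download requests from backend users outside an authorized set and downloads whose response size exceeds a threshold. The log format and the backend route path are assumptions and should be adapted to the actual log source and TYPO3 version.

```python
import re

# Constructed sample log lines for illustration (not real TYPO3 output). The format
# is an assumed combined-style web-server access log with the backend user name in
# the auth field; adapt LINE_RE to your own log source.
SAMPLE_LOG = """\
10.0.0.5 - editor1 [12/Sep/2025:10:01:02 +0000] "POST /typo3/record/download HTTP/1.1" 200 8134
10.0.0.5 - editor1 [12/Sep/2025:10:01:09 +0000] "POST /typo3/record/download HTTP/1.1" 200 7991
10.0.0.7 - admin [12/Sep/2025:10:05:11 +0000] "POST /typo3/record/download HTTP/1.1" 200 20144
10.0.0.9 - contractor [12/Sep/2025:10:07:00 +0000] "POST /typo3/record/download HTTP/1.1" 200 5520010
10.0.0.9 - contractor [12/Sep/2025:10:07:30 +0000] "GET /typo3/module/web/list HTTP/1.1" 200 4200
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<bytes>\d+)$'
)
# Assumed backend route for the record-list CSV download; confirm the exact path
# for your TYPO3 version before relying on it.
CSV_DOWNLOAD_PATH = "/typo3/record/download"


def parse_log(text):
    """Parse access-log lines into dicts; lines not matching LINE_RE are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            entry = m.groupdict()
            entry["bytes"] = int(entry["bytes"])
            entries.append(entry)
    return entries


def find_suspicious_downloads(text, authorized_users, size_threshold=1_000_000):
    """Return sorted (user, reason) tuples for successful CSV downloads that were
    issued by a user outside authorized_users or exceeded size_threshold bytes."""
    findings = set()
    for e in parse_log(text):
        if e["path"] != CSV_DOWNLOAD_PATH or e["status"] != "200":
            continue
        if e["user"] not in authorized_users:
            findings.add((e["user"], "csv download by unauthorized user"))
        if e["bytes"] >= size_threshold:
            findings.add((e["user"], f"csv download of {e['bytes']} bytes exceeds threshold"))
    return sorted(findings)


if __name__ == "__main__":
    for user, reason in find_suspicious_downloads(SAMPLE_LOG, {"editor1", "admin"}):
        print(f"{user}: {reason}")
```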