CVE-2025-59020 — MEDIUM (6.5)

Q: How severe is CVE-2025-59020?

CVE-2025-59020 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2025-59020?

Check the references section above for vendor advisories and patch information. Affected products include: Typo3 Typo3.

Vulnerability Description

By exploiting the defVals parameter, attackers could bypass field‑level access checks during record creation in the TYPO3 backend. This gave them the ability to insert arbitrary data into prohibited exclude fields of a database table for which the user already has write permission for a reduced set of fields. This issue affects TYPO3 CMS versions 10.0.0-10.4.54, 11.0.0-11.5.48, 12.0.0-12.4.40, 13.0.0-13.4.22 and 14.0.0-14.0.1.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Typo3	Typo3	>= 10.0.0, < 10.4.55

Related Weaknesses (CWE)

CWE-863

References

FAQ

What is CVE-2025-59020?

CVE-2025-59020 is a vulnerability with a CVSS score of 6.5 (MEDIUM). By exploiting the defVals parameter, attackers could bypass field‑level access checks during record creation in the TYPO3 backend. This gave them the ability to insert arbitrary data into prohibited e...

How severe is CVE-2025-59020?

CVE-2025-59020 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-59020?

Check the references section above for vendor advisories and patch information. Affected products include: Typo3 Typo3.