CVE-2025-59021 — MEDIUM (6.4)

Q: How severe is CVE-2025-59021?

CVE-2025-59021 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2025-59021?

Check the references section above for vendor advisories and patch information. Affected products include: Typo3 Typo3.

Vulnerability Description

Backend users with access to the redirects module and write permission on the sys_redirect table were able to read, create, and modify any redirect record without restriction to the user’s own file-mounts or web-mounts. This allowed attackers to insert or alter redirects pointing to arbitrary URLs – facilitating phishing or other malicious redirect attacks. This issue affects TYPO3 CMS versions 10.0.0-10.4.54, 11.0.0-11.5.48, 12.0.0-12.4.40, 13.0.0-13.4.22 and 14.0.0-14.0.1.

CVSS Score

6.4

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Typo3	Typo3	>= 10.0.0, < 10.4.55

Related Weaknesses (CWE)

CWE-862

References

FAQ

What is CVE-2025-59021?

CVE-2025-59021 is a vulnerability with a CVSS score of 6.4 (MEDIUM). Backend users with access to the redirects module and write permission on the sys_redirect table were able to read, create, and modify any redirect record without restriction to the user’s own file-mo...

How severe is CVE-2025-59021?

CVE-2025-59021 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-59021?

Check the references section above for vendor advisories and patch information. Affected products include: Typo3 Typo3.