CVE-2025-59019

Source
https://cve.org/CVERecord?id=CVE-2025-59019
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-59019.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-59019
Aliases
Published
2025-09-09T09:01:17.787Z
Modified
2026-07-15T01:48:55.445450706Z
Severity
  • 5.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N CVSS Calculator
Summary
Information Disclosure via CSV Download
Details

Missing authorization checks in the CSV download feature of TYPO3 CMS versions 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑13.4.17 allow backend users to disclose information from arbitrary database tables stored within the users' web mounts without having access to them.

Database specific
{
    "cwe_ids": [
        "CWE-200"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/59xxx/CVE-2025-59019.json",
    "cna_assigner": "TYPO3",
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "introduced": "11.0.0"
                },
                {
                    "fixed": "11.5.48"
                }
            ],
            "source": "AFFECTED_FIELD"
        }
    ]
}
References

Affected packages

Git / github.com/typo3/typo3

Affected ranges

Type
GIT
Repo
https://github.com/typo3/typo3
Events
Database specific
{
    "cpe": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "12.0.0"
        },
        {
            "fixed": "12.4.37"
        },
        {
            "introduced": "13.0.0"
        },
        {
            "fixed": "13.4.18"
        }
    ],
    "source": "CPE_RANGE"
}

Affected versions

v12.*
v12.0.0
v12.1.0
v12.2.0
v12.3.0
v12.4.0
v12.4.1
v12.4.10
v12.4.11
v12.4.12
v12.4.13
v12.4.14
v12.4.15
v12.4.16
v12.4.17
v12.4.18
v12.4.19
v12.4.2
v12.4.20
v12.4.21
v12.4.22
v12.4.23
v12.4.24
v12.4.25
v12.4.26
v12.4.27
v12.4.28
v12.4.29
v12.4.3
v12.4.30
v12.4.31
v12.4.32
v12.4.33
v12.4.34
v12.4.35
v12.4.36
v12.4.4
v12.4.5
v12.4.6
v12.4.7
v12.4.8
v12.4.9
v13.*
v13.0.0
v13.1.0
v13.2.0
v13.2.1
v13.3.0
v13.4.0
v13.4.1
v13.4.10
v13.4.11
v13.4.12
v13.4.13
v13.4.14
v13.4.15
v13.4.16
v13.4.17
v13.4.2
v13.4.3
v13.4.4
v13.4.5
v13.4.6
v13.4.7
v13.4.8
v13.4.9

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-59019.json"