Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2025-59022
Analyzed
More InfoOfficial Page
Source-f4fb688c-4412-4426-b4b8-421ecf27b14a
View Known Exploited Vulnerability (KEV) details
Published At-13 Jan, 2026 | 12:15
Updated At-14 Jan, 2026 | 19:07

Backend users who had access to the recycler module could delete arbitrary data from any database table defined in the TCA - regardless of whether they had permission to that particular table. This allowed attackers to purge and destroy critical site data, effectively rendering the website unavailable. This issue affects TYPO3 CMS versions 10.0.0-10.4.54, 11.0.0-11.5.48, 12.0.0-12.4.40, 13.0.0-13.4.22 and 14.0.0-14.0.1.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.07.1HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.18.1HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Type: Secondary
Version: 4.0
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 8.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
CPE Matches
TYPO3 Association
typo3
>>typo3>>Versions from 10.0.0(inclusive) to 10.4.55(exclusive)
cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>Versions from 11.0.0(inclusive) to 11.5.49(exclusive)
cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>Versions from 12.0.0(inclusive) to 12.4.41(exclusive)
cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>Versions from 13.0.0(inclusive) to 13.4.23(exclusive)
cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>Versions from 14.0.0(inclusive) to 14.0.2(exclusive)
cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-862Secondaryf4fb688c-4412-4426-b4b8-421ecf27b14a
CWE ID: CWE-862
Type: Secondary
Source: f4fb688c-4412-4426-b4b8-421ecf27b14a
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/TYPO3/typo3/commit/336d6f165458a0ce32d8330999ab9ab6a5983d20f4fb688c-4412-4426-b4b8-421ecf27b14a
Patch
https://github.com/TYPO3/typo3/commit/a6604db66499710f72ae6e7006beb14ad0913aaef4fb688c-4412-4426-b4b8-421ecf27b14a
Patch
https://github.com/TYPO3/typo3/commit/efb9528f9882ac924c40598ebd8508479e9950a3f4fb688c-4412-4426-b4b8-421ecf27b14a
Patch
https://typo3.org/security/advisory/typo3-core-sa-2026-003f4fb688c-4412-4426-b4b8-421ecf27b14a
Vendor Advisory
Hyperlink: https://github.com/TYPO3/typo3/commit/336d6f165458a0ce32d8330999ab9ab6a5983d20
Source: f4fb688c-4412-4426-b4b8-421ecf27b14a
Resource:
Patch
Hyperlink: https://github.com/TYPO3/typo3/commit/a6604db66499710f72ae6e7006beb14ad0913aae
Source: f4fb688c-4412-4426-b4b8-421ecf27b14a
Resource:
Patch
Hyperlink: https://github.com/TYPO3/typo3/commit/efb9528f9882ac924c40598ebd8508479e9950a3
Source: f4fb688c-4412-4426-b4b8-421ecf27b14a
Resource:
Patch
Hyperlink: https://typo3.org/security/advisory/typo3-core-sa-2026-003
Source: f4fb688c-4412-4426-b4b8-421ecf27b14a
Resource:
Vendor Advisory
Change History
0Changes found
Details not found