🛡️ CVE-2025-47936
🟢 CVSS 3.3 — Low ✅ No Known Exploit CWE-918 NVD
3.3
CVSS Score
0 Low4 Medium7 High9 Critical10

Description

TYPO3 is an open source, PHP based web content management system. In versions on the 12.x branch prior to 12.4.31 LTS and the 13.x branch prior to 13.4.2 LTS, Webhooks are inherently vulnerable to Cross-Site Request Forgery (CSRF), which can be exploited by adversaries to target internal resources (e.g., localhost or other services on the local network). While this is not a vulnerability in TYPO3 itself, it may enable attackers to blindly access systems that would otherwise be inaccessible. An administrator-level backend user account is required to exploit this vulnerability. Users should update to TYPO3 version 12.4.31 LTS or 13.4.12 LTS to fix the problem.

Details

Severity LOW
CVSS Score 3.3
CVSS Vector CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:L
CWE CWE-918
Public Exploit ✅ No
Source NVD
Published 2025-05-20
Updated 2026-06-15
Modified 2025-09-03
Fix URL N/A

Affected Packages

Software From version Fixed in
typo3 13.0.0 13.4.12
typo3/cms-webhooks 13.0.0 13.4.12

Similar Threats

Patch Gap Protection

Running software with known vulnerabilities?

BotEraser can help reduce exposure by blocking IPs associated with exploit activity — even before a patch is available.

Start Free →

No credit card required  ·  Results in minutes

ⓘ Data Notice: The information presented above has been compiled from publicly available internet sources. Boteraser aggregates this data solely for informational purposes and does not independently classify, evaluate, or endorse any findings about the vulnerabilities listed. The accuracy and completeness of this information is the sole responsibility of the original publishers. Boteraser and its operators accept no liability for any decisions made based on this data.