High severity7.2NVD Advisory· Published May 20, 2025· Updated Jun 17, 2026
CVE-2025-47940
CVE-2025-47940
Description
TYPO3 is an open source, PHP based web content management system. Starting in version 10.0.0 and prior to versions 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, and 13.4.12 LTS, administrator-level backend users without system maintainer privileges can escalate their privileges and gain system maintainer access. Exploiting this vulnerability requires a valid administrator account. Users should update to TYPO3 version 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, or 13.4.12 LTS to fix the problem.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
typo3/cms-corePackagist | >= 10.4.0, < 10.4.50 | 10.4.50 |
typo3/cms-corePackagist | >= 11.0.0, < 11.5.44 | 11.5.44 |
typo3/cms-corePackagist | >= 12.0.0, < 12.4.31 | 12.4.31 |
typo3/cms-corePackagist | >= 13.0.0, < 13.4.12 | 13.4.12 |
Affected products
2Patches
Vulnerability mechanics
References
5- github.com/TYPO3/typo3/security/advisories/GHSA-6frx-j292-c844nvdVendor AdvisoryWEB
- github.com/advisories/GHSA-6frx-j292-c844ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-47940ghsaADVISORY
- typo3.org/security/advisory/typo3-core-sa-2025-016nvdVendor AdvisoryWEB
- github.com/TYPO3-CMS/core/commit/a659cc8c0ae05c44dd7f01d13629cdd2d0b7219bghsaWEB
News mentions
0No linked articles in our index yet.