Description

Backend users with access to the redirects module and write permission on the sys_redirect table were able to read, create, and modify any redirect record without restriction to the user’s own file-mounts or web-mounts. This allowed attackers to insert or alter redirects pointing to arbitrary URLs – facilitating phishing or other malicious redirect attacks. This issue affects TYPO3 CMS versions 10.0.0-10.4.54, 11.0.0-11.5.48, 12.0.0-12.4.40, 13.0.0-13.4.22 and 14.0.0-14.0.1.

INFO

Published Date :

2026-01-13T11:53:25.879Z

Last Modified :

2026-01-13T11:53:25.879Z

Source :

TYPO3
AFFECTED PRODUCTS

The following products are affected by CVE-2025-59021 vulnerability.

Vendors Products
Typo3
  • Typo3
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-59021.

URL Resource
https://github.com/TYPO3/typo3/commit/8a46abd8993e3a5a31a834dcd6c8f91adef57ce4 cve-icon cve-icon
https://github.com/TYPO3/typo3/commit/bac370df5c1c3fcf5ebc1c030fbd2bec86d6a686 cve-icon cve-icon
https://github.com/TYPO3/typo3/commit/fbbae3b9a40d0420207ef7af990cdf1ac0612c0b cve-icon cve-icon
https://typo3.org/security/advisory/typo3-core-sa-2026-002 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability