CVE-2025-59013
BaseFortify

Publication date: 2025-09-09

Last updated on: 2025-09-10

Assigner: TYPO3

Description
An open-redirect vulnerability in GeneralUtility::sanitizeLocalUrl of TYPO3 CMS 9.0.0–9.5.54, 10.0.0–10.4.53, 11.0.0–11.5.47, 12.0.0–12.4.36, and 13.0.0–13.4.17 allows an attacker to redirect users to arbitrary external sites by supplying a manipulated URL that passes the sanitization check, enabling phishing attacks.
Meta Information
Published: 2025-09-09
Last Modified: 2025-09-10
Generated: 2026-06-16
AI Q&A: 2025-09-09
EPSS Evaluated: 2026-06-14
External references: NVD, EUVD
Affected Vendors & Products
Vendor   Product   Version / Range
typo3    typo3     From 9.0.0 (inc) to 9.5.55 (exc)
typo3    typo3     From 10.0.0 (inc) to 10.4.54 (exc)
typo3    typo3     From 11.0.0 (inc) to 11.5.48 (exc)
typo3    typo3     From 12.0.0 (inc) to 12.4.37 (exc)
typo3    typo3     From 13.0.0 (inc) to 13.4.18 (exc)
CWE ID: CWE-601
Description: The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.
AI Quick Actions
Executive Summary

This vulnerability is an open-redirect issue in the TYPO3 CMS software, specifically in the GeneralUtility::sanitizeLocalUrl function. Although this function is intended to restrict redirect targets to local URLs, it can be bypassed, allowing attackers to redirect users to arbitrary external websites. This can be exploited to conduct phishing attacks by tricking users into visiting malicious sites through manipulated URLs. [1]

Impact Analysis

The vulnerability can impact you by enabling attackers to redirect your users from your site to malicious external websites. This can lead to phishing attacks in which users are deceived into providing sensitive information or downloading malware. While the impact on confidentiality, integrity, and availability is limited, the risk to user trust and security is significant. [1]

Detection Guidance

This vulnerability can be detected by checking whether the TYPO3 CMS version in use falls within the affected ranges and by looking for unexpected redirects to external sites issued through the GeneralUtility::sanitizeLocalUrl function. Specific detection commands are not provided in the available resources. It is recommended to review web server logs for suspicious redirect patterns and to verify the installed TYPO3 CMS version against the affected ranges. [1]

Mitigation Strategies

The immediate mitigation step is to update TYPO3 CMS to the patched versions: 9.5.55 ELTS, 10.4.54 ELTS, 11.5.48 ELTS, 12.4.37 LTS, or 13.4.18 LTS. Additionally, follow the TYPO3 Security Guide recommendations and subscribe to the typo3-announce mailing list for ongoing security updates. [1]
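The two checks recommended above (version in an affected range, and web server logs showing redirects that leave the site) can be scripted. The following is an added example written for this page; it is not code from BaseFortify or from the TYPO3 project. It assumes the affected ranges exactly as listed in the CPE table above, and it assumes a web server log format that appends the Location response header as a trailing quoted field (for example an Apache LogFormat ending in "%{Location}o"); the sample log lines, the "redirect" query parameter in them and the host names are constructed for the example and are not TYPO3's real parameter names.

```python
"""Added example (not from BaseFortify or TYPO3): check an installed TYPO3
version against the affected ranges of CVE-2025-59013 and scan access-log
lines for redirect responses whose Location leaves the site's own hosts."""
import re
from urllib.parse import urlsplit

# Affected ranges from the advisory's CPE table: [start, fixed) with the
# fixed release excluded.
AFFECTED_RANGES = [
    ((9, 0, 0), (9, 5, 55)),
    ((10, 0, 0), (10, 4, 54)),
    ((11, 0, 0), (11, 5, 48)),
    ((12, 0, 0), (12, 4, 37)),
    ((13, 0, 0), (13, 4, 18)),
]


def parse_version(text):
    """'12.4.36' -> (12, 4, 36); any suffix after the third number is ignored."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(x) for x in m.groups())


def is_affected(version_text):
    """True if the version lies in any affected range."""
    v = parse_version(version_text)
    return any(lo <= v < hi for lo, hi in AFFECTED_RANGES)


def fixed_version_for(version_text):
    """Smallest patched release for an affected version, else None."""
    v = parse_version(version_text)
    for lo, hi in AFFECTED_RANGES:
        if lo <= v < hi:
            return ".".join(map(str, hi))
    return None


# Assumed log format (constructed for this example): client, timestamp,
# request line, status, then the Location response header in quotes.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) "(?P<location>[^"]*)"$'
)


def external_redirects(log_lines, own_hosts):
    """Return (ip, path, location) for 3xx responses that redirect off-site.

    A relative Location ('/dashboard') has no host and stays on the site; a
    scheme-relative one ('//other.example/x') has a host and counts as external
    unless that host is one of own_hosts.
    """
    own = {h.lower() for h in own_hosts}
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # line not in the assumed format; skip rather than guess
        status = int(m["status"])
        loc = m["location"]
        if not 300 <= status < 400 or not loc or loc == "-":
            continue
        host = urlsplit(loc).netloc.lower()
        if host and host not in own:
            hits.append((m["ip"], m["path"], loc))
    return hits


# Constructed sample lines; the "redirect" parameter and hosts are made up.
SAMPLE_LOG = [
    '203.0.113.5 [09/Sep/2025:10:00:01 +0000] "GET /index.php?redirect=%2Fdashboard HTTP/1.1" 303 "/dashboard"',
    '203.0.113.5 [09/Sep/2025:10:00:02 +0000] "GET /index.php?redirect=https%3A%2F%2Fcms.example%2Fpage HTTP/1.1" 303 "https://cms.example/page"',
    '198.51.100.7 [09/Sep/2025:10:00:03 +0000] "GET /index.php?redirect=%2F%2Fphish.example%2Flogin HTTP/1.1" 303 "//phish.example/login"',
    '198.51.100.7 [09/Sep/2025:10:00:04 +0000] "GET /typo3/ HTTP/1.1" 200 "-"',
]

if __name__ == "__main__":
    for ver in ("12.4.36", "12.4.37"):
        print(ver, "affected" if is_affected(ver) else "not affected",
              fixed_version_for(ver) or "")
    for ip, path, loc in external_redirects(SAMPLE_LOG, {"cms.example"}):
        print(f"external redirect from {ip}: {path} -> {loc}")
```

Run the version check against the output of the site's TYPO3 installation (for example the version reported in the backend) and the log scan against the server's access log once it has been configured to record the Location header; redirect hits to hosts you do not own are the pattern worth reviewing.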
