TYPO3-CORE-SA-2025-017: Open Redirect in TYPO3 CMS

Categories: Development, TYPO3 CMS Created by Oliver Hader
It has been discovered that TYPO3 CMS is susceptible to open redirect.


Problem Description

Applications that use TYPO3\CMS\Core\Utility\GeneralUtility::sanitizeLocalUrl to allow only local URLs are vulnerable to open redirect attacks if the URL is used after it has passed the aforementioned sanitization checks. This enables attackers to redirect users to external content and carry out phishing attacks.

Solution

Update to TYPO3 versions 9.5.55 ELTS, 10.4.54 ELTS, 11.5.48 ELTS, 12.4.37 LTS, 13.4.18 LTS that fix the problem described.

Credits

Thanks to TYPO3 core & security  team member Oliver Hader for reporting this issue, and to TYPO3 core & security team member Benjamin Franzke for fixing it.

General Advice

Follow the recommendations that are given in the TYPO3 Security Guide. Please subscribe to the typo3-announce mailing list.

General Note

All security-related code changes are tagged so you can easily look them up in our review system.