TYPO3-CORE-SA-2025-022: Information Disclosure in Workspaces Module

Categories: Development, TYPO3 CMS Created by Oliver Hader
It has been discovered that TYPO3 CMS is susceptible to information disclosure.


Problem Description

In addition to the vulnerability documented in TYPO3‑CORE‑SA‑2025‑021 (CVE‑2025‑59017), any authenticated backend user could invoke a backend AJAX route belonging to the workspaces module.

The route allowed the caller to request arbitrary data from the database, without performing a permission check on the target table. Consequently, a backend user without rights to a particular database table could retrieve sensitive records, leading to information disclosure.

Solution

Update to TYPO3 versions 9.5.55 ELTS, 10.4.54 ELTS, 11.5.48 ELTS, 12.4.37 LTS, 13.4.18 LTS that fix the problem described.

Credits

Thanks to TYPO3 core & security team member Oliver Hader for reporting and fixing this issue.

General Advice

Follow the recommendations that are given in the TYPO3 Security Guide. Please subscribe to the typo3-announce mailing list.

General Note

All security-related code changes are tagged so you can easily look them up in our review system.