CVE-2025-12998

🗓️ 12 Nov 2025 11:16:59Reported by TYPO3Type

CVE-2025-12998 is an improper authentication flaw in the TYPO3 Modules extension affecting multiple versions.

Reporter	Title	Published	Views	Family All 11
Circl	CVE-2025-12998	12 Nov 202513:15	–	circl
CNNVD	TYPO3 Extension Modules 安全漏洞	12 Nov 202500:00	–	cnnvd
Cvelist	CVE-2025-12998 Broken Authentication in extension “Modules” (modules)	12 Nov 202511:16	–	cvelist
EUVD	EUVD-2025-124903	12 Nov 202511:16	–	euvd
Github Security Blog	TYPO3 Modules Extension has Improper Authentication vulnerability	12 Nov 202512:30	–	github
NVD	CVE-2025-12998	12 Nov 202512:15	–	nvd
OSV	GHSA-49QV-H8PM-73PF TYPO3 Modules Extension has Improper Authentication vulnerability	12 Nov 202512:30	–	osv
Positive Technologies	PT-2025-46649	12 Nov 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-12998	13 Nov 202512:04	–	redhatcve
Snyk	Incorrect Authorization	12 Nov 202511:43	–	snyk

[
  {
    "collectionURL": "https://packagist.org/",
    "defaultStatus": "unaffected",
    "packageName": "codingms/modules",
    "product": "Extension \"Modules\"",
    "repo": "https://gitlab.com/codingms/typo3-public/modules",
    "vendor": "TYPO3",
    "versions": [
      {
        "lessThan": "4.3.11",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      },
      {
        "lessThan": "5.7.4",
        "status": "affected",
        "version": "5.0.0",
        "versionType": "semver"
      },
      {
        "lessThan": "6.4.2",
        "status": "affected",
        "version": "6.0.0",
        "versionType": "semver"
      },
      {
        "lessThan": "7.5.5",
        "status": "affected",
        "version": "7.0.0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
typo3	www.typo3.org/security/advisory/typo3-ext-sa-2025-015

15 Apr 2026 00:35Current

6.6Medium risk

Vulners AI Score6.6

CVSS 48.2

EPSS0.00072

SSVC

CWE-287