| Reporter | Title | Published | Views | Family All 16 |
|---|---|---|---|---|
| The vulnerability of the DataHandler module and the Setup Module of the TYPO3 content management system allows attackers to bypass security restrictions and gain unauthorized access to protected information. | 27 May 202500:00 | – | bdu_fstec | |
| CVE-2025-47938 | 20 May 202515:13 | – | circl | |
| TYPO3 安全漏洞 | 20 May 202500:00 | – | cnnvd | |
| CVE-2025-47938 | 20 May 202513:49 | – | cve | |
| CVE-2025-47938 TYPO3 Vulnerable to Unverified Password Change for Backend Users | 20 May 202513:49 | – | cvelist | |
| EUVD-2025-15819 | 3 Oct 202520:07 | – | euvd | |
| TYPO3 Unverified Password Change for Backend Users | 20 May 202519:26 | – | github | |
| CVE-2025-47938 | 20 May 202514:15 | – | nvd | |
| CVE-2025-47938 TYPO3 Vulnerable to Unverified Password Change for Backend Users | 20 May 202513:49 | – | osv | |
| GHSA-3JRG-97F3-RQH9 TYPO3 Unverified Password Change for Backend Users | 20 May 202519:26 | – | osv |
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(236978);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2025/05/20");
script_cve_id("CVE-2025-47938");
script_name(english:"TYPO3 9.0.0 < 9.5.51 ELTS / 10.0.0 < 10.4.50 ELTS / 11.0.0 < 11.5.44 ELTS / 12.0.0 < 12.4.31 / 13.0.0 < 13.4.12 (TYPO3-CORE-SA-2025-013)");
script_set_attribute(attribute:"synopsis", value:
"The remote webserver is affected by a vulnerability");
script_set_attribute(attribute:"description", value:
"The version of TYPO3 installed on the remote host is 9.0.0 prior to 9.5.51 ELTS / 10.0.0 prior to 10.4.50 ELTS / 11.0.0
prior to 11.5.44 ELTS / 12.0.0 prior to 12.4.31 / 13.0.0 prior to 13.4.12. It is, therefore, affected by a vulnerability
as referenced in the TYPO3-CORE-SA-2025-013 advisory.
- The backend user management interface allows password changes without requiring the current password. When
an administrator updates their own account or modifies other user accounts via the admin interface, the
current password is not requested for verification. This behavior may lower the protection against
unauthorized access in scenarios where an admin session is hijacked or left unattended, as it enables
password changes without additional authentication. (CVE-2025-47938)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://typo3.org/security/advisory/typo3-core-sa-2025-013");
script_set_attribute(attribute:"solution", value:
"Upgrade to TYPO3 9.5.51 ELTS, 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31, 13.4.12 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:M/C:P/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-47938");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2025/05/20");
script_set_attribute(attribute:"patch_publication_date", value:"2025/05/20");
script_set_attribute(attribute:"plugin_publication_date", value:"2025/05/20");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:typo3:typo3");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_set_attribute(attribute:"thorough_tests", value:"true");
script_set_attribute(attribute:"enable_cgi_scanning", value:"true");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CGI abuses");
script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("typo3_detect.nasl");
script_require_keys("installed_sw/TYPO3", "www/PHP");
script_require_ports("Services/www", 80);
exit(0);
}
include('vcf.inc');
include('http.inc');
port = get_http_port(default:80, php:TRUE);
app_info = vcf::get_app_info(app:'TYPO3', port:port, webapp:TRUE);
var constraints = [
{ 'min_version' : '9.0.0', 'max_version' : '9.5.50', 'fixed_version' : '9.5.51', 'fixed_display' : '9.5.51 ELTS' },
{ 'min_version' : '10.0.0', 'max_version' : '10.4.49', 'fixed_version' : '10.4.50', 'fixed_display' : '10.4.50 ELTS' },
{ 'min_version' : '11.0.0', 'max_version' : '11.5.43', 'fixed_version' : '11.5.44', 'fixed_display' : '11.5.44 ELTS' },
{ 'min_version' : '12.0.0', 'max_version' : '12.4.30', 'fixed_version' : '12.4.31' },
{ 'min_version' : '13.0.0', 'max_version' : '13.4.11', 'fixed_version' : '13.4.12' }
];
vcf::check_version_and_report(
app_info:app_info,
constraints:constraints,
severity:SECURITY_WARNING
);
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation