TYPO3 CMS Missing Auth Checks in CSV Download v11-13
CVE-2025-59019 Published on September 9, 2025

Information Disclosure via CSV Download
Missing authorization checks in the CSV download feature of TYPO3 CMS versions 11.0.011.5.47, 12.0.012.4.36, and 13.0.013.4.17 allow backend users to disclose information from arbitrary database tables stored within the users' web mounts without having access to them.

Vendor Advisory NVD

Weakness Type

What is an Information Disclosure Vulnerability?

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CVE-2025-59019 has been classified to as an Information Disclosure vulnerability or weakness.

Affected Versions

TYPO3 CMS:

Version 12.0.0 and below 12.4.37 is affected.
Version 13.0.0 and below 13.4.18 is affected.

TYPO3 CMS:

Version 11.0.0 and below 11.5.48 is affected.

Exploit Probability

EPSS

0.04%

Percentile

12.89%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

TYPO3 CMS Missing Auth Checks in CSV Download v11-13CVE-2025-59019 Published on September 9, 2025

Weakness Type

What is an Information Disclosure Vulnerability?

Affected Versions

Exploit Probability

TYPO3 CMS Missing Auth Checks in CSV Download v11-13
CVE-2025-59019 Published on September 9, 2025