TYPO3 cms-dashboard vulnerabilities
2 known vulnerabilities affecting typo3/cms-dashboard.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown
MEDIUM: 2
Vulnerabilities
CVE-2025-59017 | MEDIUM | ≥ 10.0.0, < 12.4.37; ≥ 11.0.0, < 12.4.37; +2 more | 2025-09-09
CVE-2025-59017 [MEDIUM] CWE-862 TYPO3 backend modules have Broken Access Control
Missing authorization checks in the Backend Routing of TYPO3 CMS versions 9.0.0‑9.5.54, 10.0.0‑10.4.53, 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑13.4.17 allow backend users to directly invoke AJAX backend routes without having access to the corresponding backend modules.
ghsa, osv
CVE-2024-55920 | MEDIUM | ≥ 10.0.0, < 10.4.48; ≥ 11.0.0, < 11.5.42; +2 more | 2025-01-14
CVE-2024-55920 [MEDIUM] CWE-352 TYPO3 Cross-Site Request Forgery in Dashboard Module
### Problem
A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP GET and did not enforce the appropriate HTTP method.
Suc
ghsa, osv