CVE-2025-59021MEDIUM≥ 14.0.0, < 14.0.2·≥ 13.0.0, < 13.4.23+3 more2026-01-13
CVE-2025-59021 [MEDIUM] CWE-862 TYPO3 CMS Allows Broken Access Control in Redirects Module
TYPO3 CMS Allows Broken Access Control in Redirects Module
### Problem
Backend users with access to the redirects module and write permission on the `sys_redirect` table were able to read, create, and modify any redirect record - without restriction to the user’s own file‑mounts or web‑mounts. This allowed attackers to insert or alter redirects pointing to arbitrary URLs - facilitating phishing or other m
ghsaosv