Auth bypass in Typo3 Extension "Modules"

CVE-2025-12998

Improper Authentication vulnerability in TYPO3 Extension "Modules" codingms/modules.This issue affects Extension "Modules": before 4.3.11, from 5.0.0 before 5.7.4, from 6.0.0 before 6.4.2, from 7.0.0 before 7.5.5.

Vulnerability class: Broken Authentication

EPSS: 0.004 (30.8th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

References