Arbitrary file upload in Typo3

CVE-2025-47939

TYPO3 is an open source, PHP based web content management system. By design, the file management module in TYPO3’s backend user interface has historically allowed the upload of any file type, with the exception of those that are directly e…

EPSS: 0.001 (31.8th percentile)

CVSS v3 metric

CVSS v3 base score 5.4 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L.

Affected products

  • Typo3 — versions >= 9.0.0 and < 9.5.51; >= 10.0.0 and < 10.4.50; >= 11.0.0 and < 11.5.44

Frequently asked questions

What is CVE-2025-47939?
CVE-2025-47939 is a medium-severity vulnerability in Typo3, classified under CWE-351. CVSS score: 5.4/10. Published 2025-05-20.

How severe is CVE-2025-47939?
Medium severity. CVSS v3 base score is 5.4 out of 10.