What is CVE-2025-47940?

CVE-2025-47940 is a high-severity vulnerability in Typo3, classified under CWE-283. CVSS score: 7.2/10. Published 2025-05-20.

How severe is CVE-2025-47940?

High severity. CVSS v3 base score is 7.2 out of 10.

Vulnerability in Typo3

CVE-2025-47940

TYPO3 is an open source, PHP based web content management system. Starting in version 10.0.0 and prior to versions 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, and 13.4.12 LTS, administrator-level backend users without system maintainer privil…

EPSS: 0.003 (55.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.2 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H.

Affected products

Typo3 — versions >= 10.0.0, < 10.4.50, >= 11.0.0, < 11.5.44, >= 12.0.0, < 12.4.31

Weakness classification (CWE)

CWE-283

References

https://github.com/TYPO3/typo3/security/advisories/GHSA-6frx-j292-c844 (x_refsource_CONFIRM)
https://typo3.org/security/advisory/typo3-core-sa-2025-016 (x_refsource_MISC)

Frequently asked questions

What is CVE-2025-47940?: CVE-2025-47940 is a high-severity vulnerability in Typo3, classified under CWE-283. CVSS score: 7.2/10. Published 2025-05-20.
How severe is CVE-2025-47940?: High severity. CVSS v3 base score is 7.2 out of 10.