VulnerableCode Package Details - pkg:composer/typo3/cms-recycler@11.5.48

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:composer/typo3/cms-recycler@11.5.48

Essentials
History (1)

purl	pkg:composer/typo3/cms-recycler@11.5.48
Tags	Ghost

Next non-vulnerable version	12.4.41
Latest non-vulnerable version	14.0.2
Risk	4.0

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-hz62-3vvg-bbg4 Aliases: CVE-2025-59022 GHSA-p52w-7rhw-9m67	TYPO3 CMS Allows Broken Access Control in Recycler Module ### Problem Backend users who had access to the recycler module could delete arbitrary data from any database table defined in the TCA - regardless of whether they had permission to that particular table. This allowed attackers to purge and destroy critical site data, effectively rendering the website unavailable. ### Solution Update to TYPO3 versions 10.4.55 ELTS, 11.5.49 ELTS, 12.4.41 LTS, 13.4.23 LTS, 14.0.2 that fix the problem described. ### Credits Thanks to Sven Jürgens and Daniel Windloff for reporting this issue, and to TYPO3 security team member Elias Häußler for fixing it. ### References * [TYPO3-CORE-SA-2026-003](https://typo3.org/security/advisory/typo3-core-sa-2026-003)	11.5.49 Affected by 0 other vulnerabilities. 12.4.41 Affected by 0 other vulnerabilities. 13.4.23 Affected by 0 other vulnerabilities. 14.0.2 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-hz62-3vvg-bbg4
Aliases:
CVE-2025-59022
GHSA-p52w-7rhw-9m67

TYPO3 CMS Allows Broken Access Control in Recycler Module ### Problem Backend users who had access to the recycler module could delete arbitrary data from any database table defined in the TCA - regardless of whether they had permission to that particular table. This allowed attackers to purge and destroy critical site data, effectively rendering the website unavailable. ### Solution Update to TYPO3 versions 10.4.55 ELTS, 11.5.49 ELTS, 12.4.41 LTS, 13.4.23 LTS, 14.0.2 that fix the problem described. ### Credits Thanks to Sven Jürgens and Daniel Windloff for reporting this issue, and to TYPO3 security team member Elias Häußler for fixing it. ### References * [TYPO3-CORE-SA-2026-003](https://typo3.org/security/advisory/typo3-core-sa-2026-003)

11.5.49
Affected by 0 other vulnerabilities.

12.4.41
Affected by 0 other vulnerabilities.

13.4.23
Affected by 0 other vulnerabilities.

14.0.2
Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T16:07:44.510548+00:00	GHSA Importer	Affected by	VCID-hz62-3vvg-bbg4	https://github.com/advisories/GHSA-p52w-7rhw-9m67	38.0.0