Search for packages
| purl | pkg:composer/typo3/cms-recycler@13.3.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-hz62-3vvg-bbg4
Aliases: CVE-2025-59022 GHSA-p52w-7rhw-9m67 |
TYPO3 CMS Allows Broken Access Control in Recycler Module ### Problem Backend users who had access to the recycler module could delete arbitrary data from any database table defined in the TCA - regardless of whether they had permission to that particular table. This allowed attackers to purge and destroy critical site data, effectively rendering the website unavailable. ### Solution Update to TYPO3 versions 10.4.55 ELTS, 11.5.49 ELTS, 12.4.41 LTS, 13.4.23 LTS, 14.0.2 that fix the problem described. ### Credits Thanks to Sven Jürgens and Daniel Windloff for reporting this issue, and to TYPO3 security team member Elias Häußler for fixing it. ### References * [TYPO3-CORE-SA-2026-003](https://typo3.org/security/advisory/typo3-core-sa-2026-003) |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-17T00:07:40.166804+00:00 | GitLab Importer | Affected by | VCID-hz62-3vvg-bbg4 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-recycler/CVE-2025-59022.yml | 38.4.0 |
| 2026-04-12T01:31:09.251116+00:00 | GitLab Importer | Affected by | VCID-hz62-3vvg-bbg4 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-recycler/CVE-2025-59022.yml | 38.3.0 |
| 2026-04-03T01:40:01.569853+00:00 | GitLab Importer | Affected by | VCID-hz62-3vvg-bbg4 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-recycler/CVE-2025-59022.yml | 38.1.0 |