Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:composer/typo3/cms-recycler@13.4.23
purl pkg:composer/typo3/cms-recycler@13.4.23
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-hz62-3vvg-bbg4 TYPO3 CMS Allows Broken Access Control in Recycler Module ### Problem Backend users who had access to the recycler module could delete arbitrary data from any database table defined in the TCA - regardless of whether they had permission to that particular table. This allowed attackers to purge and destroy critical site data, effectively rendering the website unavailable. ### Solution Update to TYPO3 versions 10.4.55 ELTS, 11.5.49 ELTS, 12.4.41 LTS, 13.4.23 LTS, 14.0.2 that fix the problem described. ### Credits Thanks to Sven Jürgens and Daniel Windloff for reporting this issue, and to TYPO3 security team member Elias Häußler for fixing it. ### References * [TYPO3-CORE-SA-2026-003](https://typo3.org/security/advisory/typo3-core-sa-2026-003) CVE-2025-59022
GHSA-p52w-7rhw-9m67

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T16:07:44.533613+00:00 GHSA Importer Fixing VCID-hz62-3vvg-bbg4 https://github.com/advisories/GHSA-p52w-7rhw-9m67 38.0.0
2026-04-01T12:53:38.662500+00:00 GitLab Importer Fixing VCID-hz62-3vvg-bbg4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-recycler/CVE-2025-59022.yml 38.0.0
2026-04-01T12:52:28.939857+00:00 GithubOSV Importer Fixing VCID-hz62-3vvg-bbg4 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/01/GHSA-p52w-7rhw-9m67/GHSA-p52w-7rhw-9m67.json 38.0.0