VulnerableCode Package Details - pkg:composer/typo3/cms-workspaces@10.0.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-buz5-hzv3-97hp Aliases: CVE-2025-59017 GHSA-2fhw-2j7m-mr4m	TYPO3 backend modules have Broken Access Control Missing authorization checks in the Backend Routing of TYPO3 CMS versions 9.0.0‑9.5.54, 10.0.0‑10.4.53, 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑13.4.17 allow backend users to directly invoke AJAX backend routes without having access to the corresponding backend modules.	12.4.37 Affected by 0 other vulnerabilities. 13.4.18 Affected by 0 other vulnerabilities.
VCID-zxxc-4rsm-yycp Aliases: CVE-2025-59018 GHSA-w2pf-7q5w-2cgw	TYPO3 Workspaces Module Information Disclosure Missing authorization checks in the Workspace Module of TYPO3 CMS versions 9.0.0‑9.5.54, 10.0.0‑10.4.53, 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑13.4.17 allow backend users to directly invoke the corresponding AJAX backend route to disclose sensitive information without having access.	12.4.37 Affected by 0 other vulnerabilities. 13.4.18 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-buz5-hzv3-97hp
Aliases:
CVE-2025-59017
GHSA-2fhw-2j7m-mr4m

TYPO3 backend modules have Broken Access Control Missing authorization checks in the Backend Routing of TYPO3 CMS versions 9.0.0‑9.5.54, 10.0.0‑10.4.53, 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑13.4.17 allow backend users to directly invoke AJAX backend routes without having access to the corresponding backend modules.

12.4.37
Affected by 0 other vulnerabilities.

13.4.18
Affected by 0 other vulnerabilities.

VCID-zxxc-4rsm-yycp
Aliases:
CVE-2025-59018
GHSA-w2pf-7q5w-2cgw

TYPO3 Workspaces Module Information Disclosure Missing authorization checks in the Workspace Module of TYPO3 CMS versions 9.0.0‑9.5.54, 10.0.0‑10.4.53, 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑13.4.17 allow backend users to directly invoke the corresponding AJAX backend route to disclose sensitive information without having access.

12.4.37
Affected by 0 other vulnerabilities.

13.4.18
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T23:40:57.075091+00:00	GitLab Importer	Affected by	VCID-buz5-hzv3-97hp	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-workspaces/CVE-2025-59017.yml	38.4.0
2026-04-16T23:40:43.603452+00:00	GitLab Importer	Affected by	VCID-zxxc-4rsm-yycp	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-workspaces/CVE-2025-59018.yml	38.4.0
2026-04-12T01:01:47.324053+00:00	GitLab Importer	Affected by	VCID-buz5-hzv3-97hp	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-workspaces/CVE-2025-59017.yml	38.3.0
2026-04-12T01:01:31.997535+00:00	GitLab Importer	Affected by	VCID-zxxc-4rsm-yycp	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-workspaces/CVE-2025-59018.yml	38.3.0
2026-04-07T04:58:44.846361+00:00	GHSA Importer	Affected by	VCID-zxxc-4rsm-yycp	https://github.com/advisories/GHSA-w2pf-7q5w-2cgw	38.1.0
2026-04-07T04:58:44.752015+00:00	GHSA Importer	Affected by	VCID-buz5-hzv3-97hp	https://github.com/advisories/GHSA-2fhw-2j7m-mr4m	38.1.0
2026-04-03T01:10:03.557055+00:00	GitLab Importer	Affected by	VCID-buz5-hzv3-97hp	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-workspaces/CVE-2025-59017.yml	38.1.0
2026-04-03T01:09:47.179399+00:00	GitLab Importer	Affected by	VCID-zxxc-4rsm-yycp	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-workspaces/CVE-2025-59018.yml	38.1.0