Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:composer/typo3/cms-recycler@13.2.1

Type composer

Namespace typo3

Name cms-recycler

Version 13.2.1

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 13.4.23

Latest_non_vulnerable_version 14.3.3

Affected_by_vulnerabilities

url VCID-h5tc-nq5k-nfh4

vulnerability_id VCID-h5tc-nq5k-nfh4

summary Backend users who had access to the recycler module could delete arbitrary data from any database table defined in the TCA - regardless of whether they had permission to that particular table. This allowed attackers to purge and destroy critical site data, effectively rendering the website unavailable. This issue affects TYPO3 CMS versions 10.0.0-10.4.54, 11.0.0-11.5.48, 12.0.0-12.4.40, 13.0.0-13.4.22 and 14.0.0-14.0.1.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-59022

reference_id

reference_type

scores

value	0.00011
scoring_system	epss
scoring_elements	0.01377
published_at	2026-06-12T12:55:00Z

value	0.00011
scoring_system	epss
scoring_elements	0.0139
published_at	2026-06-14T12:55:00Z

value	0.00011
scoring_system	epss
scoring_elements	0.015
published_at	2026-06-11T12:55:00Z

value	0.00011
scoring_system	epss
scoring_elements	0.01386
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-59022

reference_url

https://github.com/TYPO3/typo3

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/TYPO3/typo3

reference_url

https://github.com/TYPO3/typo3/commit/336d6f165458a0ce32d8330999ab9ab6a5983d20

reference_id

336d6f165458a0ce32d8330999ab9ab6a5983d20

reference_type

scores

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T14:19:35Z/

url

https://github.com/TYPO3/typo3/commit/336d6f165458a0ce32d8330999ab9ab6a5983d20

reference_url

https://github.com/TYPO3/typo3/commit/a6604db66499710f72ae6e7006beb14ad0913aae

reference_id

a6604db66499710f72ae6e7006beb14ad0913aae

reference_type

scores

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T14:19:35Z/

url

https://github.com/TYPO3/typo3/commit/a6604db66499710f72ae6e7006beb14ad0913aae

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-59022

reference_id

CVE-2025-59022

reference_type

scores

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-59022

reference_url

https://github.com/TYPO3/typo3/commit/efb9528f9882ac924c40598ebd8508479e9950a3

reference_id

efb9528f9882ac924c40598ebd8508479e9950a3

reference_type

scores

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T14:19:35Z/

url

https://github.com/TYPO3/typo3/commit/efb9528f9882ac924c40598ebd8508479e9950a3

reference_url

https://github.com/advisories/GHSA-p52w-7rhw-9m67

reference_id

GHSA-p52w-7rhw-9m67

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-p52w-7rhw-9m67

reference_url

https://github.com/TYPO3/typo3/security/advisories/GHSA-p52w-7rhw-9m67

reference_id

GHSA-p52w-7rhw-9m67

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/TYPO3/typo3/security/advisories/GHSA-p52w-7rhw-9m67

reference_url

https://typo3.org/security/advisory/typo3-core-sa-2026-003

reference_id

typo3-core-sa-2026-003

reference_type

scores

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T14:19:35Z/

url

https://typo3.org/security/advisory/typo3-core-sa-2026-003

fixed_packages

url	pkg:composer/typo3/cms-recycler@13.4.23
purl	pkg:composer/typo3/cms-recycler@13.4.23
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-recycler@13.4.23

url	pkg:composer/typo3/cms-recycler@14.0.2
purl	pkg:composer/typo3/cms-recycler@14.0.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-recycler@14.0.2

aliases CVE-2025-59022, GHSA-p52w-7rhw-9m67

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h5tc-nq5k-nfh4

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-recycler@13.2.1

Package Instance