Platform
php
Component
typo3/cms-webhooks
Fixed in
12.0.1
13.0.1
12.4.31
CVE-2025-47936 is a Server-Side Request Forgery (SSRF) vulnerability in the typo3/cms-webhooks component of TYPO3 CMS. An attacker who holds an administrator-level backend account can use the webhook configuration to make the TYPO3 server issue HTTP requests to internal resources. Affected are TYPO3 12.x releases prior to 12.4.31 and 13.x releases prior to 13.4.12; the fix ships in 12.4.31 LTS and 13.4.12 LTS.
Webhooks in TYPO3 are defined by a backend administrator and point at a target URL to which the server delivers HTTP requests when the configured event fires. Because the target was not restricted, an administrator could register a webhook aimed at hosts that are reachable only from the server itself: loopback services, the internal network, or a cloud metadata endpoint. The TYPO3 instance then acts as a request proxy into that network. Depending on what is reachable, the outcome ranges from information disclosure (if response content or timing leaks back to the attacker) to attacks on internal services that trust requests coming from the web tier, up to code execution on a vulnerable internal service. The weakness is in the webhooks component of TYPO3 core itself, not in a third-party integration; the admin-level precondition means the practical risk is a compromised or untrustworthy administrator account, or an environment where administrators are deliberately not granted network-level access.
The CVE was published on 2025-05-20. It is not listed in the CISA KEV catalog and no public proof-of-concept is known; none is really needed, since exploitation amounts to saving a webhook with an internal target URL through the backend. The administrator requirement keeps this out of reach for anonymous attackers, but a compromised admin account turns it into a ready-made pivot into the internal network.
At risk is every TYPO3 12.x or 13.x installation below the fixed versions that has the webhooks system extension installed, with exposure proportional to what the server can reach: internal APIs, databases, management interfaces, or a cloud metadata service. Shared hosting, where several TYPO3 instances or other tenants share a server or network, widens that reach.
• php: Inspect the stored webhook definitions (the sys_webhook table in the TYPO3 database, or the Webhooks module in the backend) for target URLs pointing at loopback, RFC 1918, link-local (the 169.254.169.254 cloud metadata address) or otherwise internal hosts, and for non-HTTP schemes. Check the TYPO3 backend log (sys_log, shown in the Log module) for webhook records created or edited by administrator accounts at unexpected times.
• generic web: Web server access logs record inbound requests only; SSRF shows up in outbound traffic. Route the TYPO3 host's egress through a forward proxy or log it at the firewall, and alert on connections from the PHP processes to internal address ranges or to services (databases, metadata endpoints, admin interfaces) a CMS has no reason to call.
• linux / server: TYPO3 has no systemd unit of its own, so look at the web server and PHP-FPM logs and at TYPO3's own log files under var/log/ in the project directory. List live outbound connections of the PHP worker processes with ss -tnp (or conntrack) and compare them against the expected webhook targets. auditd rules on the installation directory catch a compromised administrator planting files but do not detect SSRF itself.
Disclosure
Exploit status
EPSS
0.17% (39th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-47936 is to update TYPO3 CMS immediately to 12.4.31 LTS (12.x branch) or 13.4.12 LTS (13.x branch). If an immediate upgrade is not feasible, restrict outbound connections from the TYPO3 host: egress filtering at the firewall or an allow-list on a forward proxy is what blocks SSRF at the network level, whereas a web application firewall inspects inbound requests and never sees the calls the server makes. Segment internal services so that the web tier cannot reach them at all. Reduce the number of administrator backend accounts, enforce multi-factor authentication for backend logins, and review the remaining accounts regularly to limit the impact of a compromised one. After the upgrade, confirm with composer show typo3/cms-webhooks (or the TYPO3 version shown in the backend for classic installs) that the installed version is 12.4.31 or later on the 12 branch, or 13.4.12 or later on the 13 branch.
Update TYPO3 to version 12.4.31 LTS or 13.4.12 LTS or later. This update fixes the Server Side Request Forgery (SSRF) vulnerability in webhooks. Apply it as soon as possible to reduce the risk.
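As an added example (not TYPO3 code and not the project's fix), the following Python script performs the two mechanical parts of the detection and verification steps above: it classifies webhook target URLs as internal, suspicious, external or unverified, and it tells whether an installed typo3/cms-webhooks version falls in a fixed range. The webhook rows and the stub DNS resolver are constructed for the example; the sys_webhook table name is an assumption about where such rows would be exported from.

```python
"""Triage helper for CVE-2025-47936 (SSRF in TYPO3 webhooks).

Added illustration, not TYPO3 code. classify_target() judges a webhook
target URL; is_fixed_version() checks an installed typo3/cms-webhooks
version against the first fixed release of its branch. Sample rows are
constructed, shaped like an export of the sys_webhook table (assumed name).
"""
import ipaddress
from urllib.parse import urlsplit

# First fixed release per major branch, as stated in the advisory text.
FIXED_VERSIONS = {12: (12, 4, 31), 13: (13, 4, 12)}

# Hostnames that are internal without any DNS lookup.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "metadata.google.internal"}


def parse_version(version):
    """'12.4.31', 'v12.4.31', '12.4.31-dev' -> (12, 4, 31); missing parts become 0."""
    nums = []
    for part in version.strip().lstrip("v").split(".")[:3]:
        digits = ""
        for ch in part:
            if not ch.isdigit():
                break
            digits += ch
        nums.append(int(digits) if digits else 0)
    while len(nums) < 3:
        nums.append(0)
    return tuple(nums)


def is_fixed_version(version):
    """Return 'fixed', 'vulnerable' or 'unknown' (branch not covered by the advisory)."""
    parsed = parse_version(version)
    fixed = FIXED_VERSIONS.get(parsed[0])
    if fixed is None:
        return "unknown"
    return "fixed" if parsed >= fixed else "vulnerable"


def classify_target(url, resolve=None):
    """Return (verdict, reason) for a webhook target URL.

    verdict is 'internal', 'suspicious', 'external' or 'unverified'.
    resolve, if given, maps a hostname to a list of IP strings (in production a
    wrapper around socket.gethostbyname_ex). Without it only literal IPs and
    well-known local names are judged; other hostnames come back 'unverified',
    because DNS names, shorthand such as 127.1 and decimal addresses are the
    usual way an internal target is hidden from a plain string check.
    """
    try:
        parts = urlsplit(url)
    except ValueError:
        return "suspicious", "unparseable URL"
    if parts.scheme.lower() not in ("http", "https"):
        return "suspicious", f"non-HTTP scheme {parts.scheme!r}"
    host = parts.hostname
    if not host:
        return "suspicious", "missing host"
    if parts.username is not None or parts.password is not None:
        return "suspicious", "credentials embedded in URL"
    if host in LOCAL_NAMES:
        return "internal", f"local hostname {host}"

    addrs = []
    try:
        addrs = [ipaddress.ip_address(host)]
    except ValueError:
        if resolve is not None:
            try:
                addrs = [ipaddress.ip_address(a) for a in resolve(host)]
            except (OSError, ValueError):
                return "suspicious", f"could not resolve {host}"
    if not addrs:
        return "unverified", f"{host} not resolved (pass a resolver)"

    for addr in addrs:
        # ::ffff:127.0.0.1 is loopback too; unwrap IPv4-mapped IPv6 before the range check.
        if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
            addr = addr.ipv4_mapped
        if (addr.is_loopback or addr.is_private or addr.is_link_local
                or addr.is_reserved or addr.is_unspecified):
            return "internal", f"{host} -> {addr}"
    return "external", f"{host} -> {', '.join(str(a) for a in addrs)}"


def triage(rows, resolve=None):
    """rows: iterable of (uid, name, url); returns the rows that are not plainly external."""
    findings = []
    for uid, name, url in rows:
        verdict, reason = classify_target(url, resolve)
        if verdict != "external":
            findings.append((uid, name, verdict, reason))
    return findings


# Constructed sample rows, not real data.
SAMPLE_WEBHOOKS = [
    (1, "crm-sync", "https://crm.example.com/hooks/typo3"),
    (2, "search-reindex", "http://127.0.0.1:9200/_cat/indices"),
    (3, "cloud-meta", "http://169.254.169.254/latest/meta-data/"),
    (4, "intranet-api", "http://intranet.corp/api/users"),
    (5, "cache-flush", "gopher://10.0.0.5:6379/_FLUSHALL"),
]


def stub_resolver(host):
    """Offline stand-in for DNS; replace with socket.gethostbyname_ex in real use."""
    table = {"crm.example.com": ["52.1.2.3"], "intranet.corp": ["10.20.30.40"]}
    if host not in table:
        raise OSError(f"stub resolver: no entry for {host}")
    return table[host]


if __name__ == "__main__":
    for finding in triage(SAMPLE_WEBHOOKS, stub_resolver):
        print(*finding)
    for v in ("12.4.30", "12.4.31", "13.4.11", "13.4.12", "14.0.0"):
        print(v, is_fixed_version(v))
```

Feed triage() the exported (uid, name, url) rows and a real resolver in place of the stub. The resolver is the important part: without it, names like intranet.corp or shorthand literals like 127.1 are only reported as unverified, which is exactly how a naive URL blocklist gets bypassed; the same reasoning is why IPv4-mapped IPv6 literals are unwrapped before the range check.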
CVE-2025-47936 is a Server-Side Request Forgery vulnerability in the typo3/cms-webhooks component that lets an attacker with an administrator backend account make the TYPO3 server send requests to internal resources.
You are affected if you run typo3/cms-webhooks 12.x below 12.4.31 or 13.x below 13.4.12. The attack requires an administrator-level backend account, so the practical risk is governed by how well those accounts are protected.
Update to TYPO3 12.4.31 LTS or 13.4.12 LTS. As temporary mitigations, restrict outbound network access from the TYPO3 host and tighten control over administrator accounts.
As of the public disclosure date there is no confirmed active exploitation of CVE-2025-47936; the EPSS score of 0.17% (39th percentile) indicates a low predicted probability of exploitation in the wild.
Refer to the TYPO3 security advisory for detailed information and updates: [https://typo3.org/security/advisory/typo3cms-vulnerabilities](https://typo3.org/security/advisory/typo3cms-vulnerabilities)