{"id":"CVE-2025-59016","details":"Error messages containing sensitive information in the File Abstraction Layer in TYPO3 CMS versions 9.0.0-9.5.54, 10.0.0-10.4.53, 11.0.0-11.5.47, 12.0.0-12.4.36, and 13.0.0-13.4.17 allow backend users to disclose full file paths via failed low-level file-system operations.","aliases":["GHSA-cvm2-5f78-g9m8"],"modified":"2026-04-10T05:31:41.241947Z","published":"2025-09-09T09:15:40.303Z","references":[{"type":"ADVISORY","url":"https://typo3.org/security/advisory/typo3-core-sa-2025-020"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/typo3/typo3.cms","events":[{"introduced":"36096733dea4bd6f6168209609fa879dc25c0138"},{"last_affected":"fa6ceeff93eb36ad5e8b36abe4ca2b1644706304"},{"introduced":"fd8745e46bb11773e85524b8ee9650dabe340713"},{"last_affected":"34025c4b1658dffd995206bbf507124b6e357e89"}],"database_specific":{"versions":[{"introduced":"12.0.0"},{"last_affected":"12.4.37"},{"introduced":"13.0.0"},{"last_affected":"13.4.18"}]}}],"versions":["v12.0.0","v12.1.0","v12.2.0","v12.3.0","v12.4.0","v12.4.1","v12.4.10","v12.4.11","v12.4.12","v12.4.13","v12.4.14","v12.4.15","v12.4.16","v12.4.17","v12.4.18","v12.4.19","v12.4.2","v12.4.20","v12.4.21","v12.4.22","v12.4.23","v12.4.24","v12.4.25","v12.4.26","v12.4.27","v12.4.28","v12.4.29","v12.4.3","v12.4.30","v12.4.31","v12.4.32","v12.4.33","v12.4.34","v12.4.35","v12.4.36","v12.4.37","v12.4.4","v12.4.5","v12.4.6","v12.4.7","v12.4.8","v12.4.9","v13.0.0","v13.1.0","v13.2.0","v13.2.1","v13.3.0","v13.4.0","v13.4.1","v13.4.10","v13.4.11","v13.4.12","v13.4.13","v13.4.14","v13.4.15","v13.4.16","v13.4.17","v13.4.18","v13.4.2","v13.4.3","v13.4.4","v13.4.5","v13.4.6","v13.4.7","v13.4.8","v13.4.9"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"9.0.0"},{"fixed":"9.5.55"}]},{"events":[{"introduced":"10.0.0"},{"last_affected":"10.4.54"}]},{"events":[{"introduced":"11.0.0"},{"last_affected":"11.5.48"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-59016.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}]}