{ "affected": [ { "database_specific": { "unresolved_ranges": [ { "events": [ { "introduced": "9.0.0" }, { "fixed": "9.5.55" } ] }, { "events": [ { "introduced": "10.0.0" }, { "last_affected": "10.4.54" } ] }, { "events": [ { "introduced": "11.0.0" }, { "last_affected": "11.5.48" } ] } ] }, "ranges": [ { "database_specific": { "versions": [ { "introduced": "12.0.0" }, { "last_affected": "12.4.37" }, { "introduced": "13.0.0" }, { "last_affected": "13.4.18" } ] }, "events": [ { "introduced": "36096733dea4bd6f6168209609fa879dc25c0138" }, { "last_affected": "fa6ceeff93eb36ad5e8b36abe4ca2b1644706304" }, { "introduced": "fd8745e46bb11773e85524b8ee9650dabe340713" }, { "last_affected": "34025c4b1658dffd995206bbf507124b6e357e89" } ], "repo": "https://github.com/typo3/typo3.cms", "type": "GIT" } ] } ], "details": "Error messages containing sensitive information in the File Abstraction Layer in TYPO3 CMS versions 9.0.0-9.5.54, 10.0.0-10.4.53, 11.0.0-11.5.47, 12.0.0-12.4.36, and 13.0.0-13.4.17 allow backend users to disclose full file paths via failed low-level file-system operations.", "id": "CVE-2025-59016", "modified": "2026-03-10T21:48:07.377324087Z", "published": "2025-09-09T09:15:40.303Z", "references": [ { "type": "ADVISORY", "url": "https://typo3.org/security/advisory/typo3-core-sa-2025-020" } ], "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "type": "CVSS_V3" } ] }