TYPO3 Incorrect Authorization Vulnerability - CVE-2025-47937

TYPO3 is an open source PHP based web content management system. Starting in version 9.0.0 and prior to versions 9.5.51 ELTS 10.4.50 ELTS 11.5.44 ELTS 12.4.31 LTS and 13.4.12 LTS when performing a database query involving multiple tables through the database abstraction layer (DBAL) frontend user permissions are only applied via FrontendGroupRestriction to the first table. As a result data from additional tables included in the same query may be unintentionally exposed to unauthorized users. Users should update to TYPO3 version 9.5.51 ELTS 10.4.50 ELTS 11.5.44 ELTS 12.4.31 LTS or 13.4.12 LTS to fix the problem.