TYPO3 Missing Authorization Vulnerability - CVE-2025-59021

Backend users with access to the redirects module and write permission on the sys_redirect table were able to read create and modify any redirect record without restriction to the users own file-mounts or web-mounts. This allowed attackers to insert or alter redirects pointing to arbitrary URLs facilitating phishing or other malicious redirect attacks. This issue affects TYPO3 CMS versions 10.0.0-10.4.54 11.0.0-11.5.48 12.0.0-12.4.40 13.0.0-13.4.22 and 14.0.0-14.0.1.