CVE-2025-47936

CVSS v3 Score: 3.3 (Low)

Vulnerability Description

TYPO3 is an open source, PHP-based web content management system. In versions on the 12.x branch prior to 12.4.31 LTS and the 13.x branch prior to 13.4.2 LTS, Webhooks are inherently vulnerable to Cross-Site Request Forgery (CSRF), which can be exploited by adversaries to target internal resources (e.g., localhost or other services on the local network). While this is not a vulnerability in TYPO3 itself, it may enable attackers to blindly access systems that would otherwise be inaccessible. An administrator-level backend user account is required to exploit this vulnerability. Users should update to TYPO3 version 12.4.31 LTS or 13.4.12 LTS to fix the problem.

CVSS: 3.3 (Low)

A flaw was found in Ansible Tower in versions before 3.7.2. A Server Side Request Forgery flaw can be abused by supplying a URL which could lead to the server processing it connecting to internal serv...

CVSS: 3.3 (Low)

open-webui v0.5.16 is vulnerable to SSRF in routers/ollama.py in function verify_connection.

CVSS: 3.2 (Low)

In case Cacheservice was configured to use a sproxyd object-storage backend, it would follow HTTP redirects issued by that backend. An attacker with access to a local or restricted network with the ca...

CVSS: 3.1 (Low)

IBM Forms Experience Builder could be susceptible to a server-side request forgery (SSRF) from the application design interface allowing for some information disclosure of internal resources.

CVSS: 3.1 (Low)

External service lookups for a number of protocols were vulnerable to a time-of-check/time-of-use (TOCTOU) weakness, involving the JDK DNS cache. Attackers that were timing DNS cache expiry correctly ...

CVSS: 3.1 (Low)

TruffleHog is a secrets scanning tool. Prior to v3.81.9, this vulnerability allows a malicious actor to craft data in a way that, when scanned by specific detectors, could trigger the detector to make...