How severe is CVE-2025-47937?

This vulnerability has a severity rating of LOW with a CVSS score of 3.7 out of 10.

What type of vulnerability is CVE-2025-47937?

This is classified as CWE-863, which is a common weakness in software security.

CVE-2025-47937 - LOW Severity | CVSS 3.7

Vulnerability Description

TYPO3 is an open source, PHP based web content management system. Starting in version 9.0.0 and prior to versions 9.5.51 ELTS, 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, and 13.4.12 LTS, when performing a database query involving multiple tables through the database abstraction layer (DBAL), frontend user permissions are only applied via `FrontendGroupRestriction` to the first table. As a result, data from additional tables included in the same query may be unintentionally exposed to unauthorized users. Users should update to TYPO3 version 9.5.51 ELTS, 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, or 13.4.12 LTS to fix the problem.

Related Vulnerabilities

CVE-2021-20429

LOW

CVSS:3.7(Low)

IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 could disclose sensitive information due an overly permissive cross-domain policy. IBM X-Force ID: 196334.

CWE-8632021

CVE-2024-23329

LOW

CVSS:3.7(Low)

changedetection.io is an open source tool designed to monitor websites for content changes. In affected versions the API endpoint `/api/v1/watch/<uuid>/history` can be accessed by any unauthorized use...

CWE-8632024

CVE-2024-43944

LOW

CVSS:3.7(Low)

Incorrect Authorization vulnerability in Yassine Idrissi Maintenance & Coming Soon Redirect Animation allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Maintenance & C...

CWE-8632024

CVE-2024-9654

LOW

CVSS:3.7(Low)

The Easy Digital Downloads plugin for WordPress is vulnerable to Improper Authorization in versions 3.1 through 3.3.4. This is due to a lack of sufficient validation checks within the 'verify_guest_em...

CWE-8632024

CVE-2020-6752

LOW

CVSS:3.8(Low)

In OMERO before 5.6.1, group owners can access members' data in other groups.

CWE-8632020

CVE-2022-0333

LOW

CVSS:3.8(Low)

A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. The calendar:manageentries capability allowed managers to access or modify any ca...

CWE-8632022