
CVE-2024-55893: CWE-352: Cross-Site Request Forgery (CSRF) in TYPO3 typo3

Severity: Medium
Tags: Vulnerability, CVE-2024-55893, CWE-352, CWE-749
Published: Tue Jan 14 2025 (01/14/2025, 20:00:15 UTC)
Source: CVE
Vendor/Project: TYPO3
Product: typo3

Description

TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP GET and did not enforce the appropriate HTTP method. Successful exploitation of this vulnerability requires the victim to have an active session on the backend user interface and to be deceived into interacting with a malicious URL targeting the backend, which can occur under the following conditions:

- The user opens a malicious link, such as one sent via email.
- The user visits a compromised or manipulated website while the following settings are misconfigured:
  1. the `security.backend.enforceReferrer` feature is disabled,
  2. the `BE/cookieSameSite` configuration is set to lax or none.

The vulnerability in the affected downstream component “Log Module” allows attackers to remove log entries. Users are advised to update to TYPO3 versions 11.5.42 ELTS, 12.4.25 LTS, 13.4.3 LTS which fix the problem described. There are no known workarounds for this vulnerability.

AI-Powered Analysis

Last updated: 07/04/2025, 08:40:08 UTC

Technical Analysis

CVE-2024-55893 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the backend user interface of TYPO3, a widely used open-source Content Management Framework. The vulnerability arises due to improper enforcement of HTTP methods and insufficient CSRF protections in backend components, particularly involving deep link functionality and downstream modules such as the Log Module. Specifically, state-changing actions incorrectly accept HTTP GET requests without verifying the request's origin or enforcing stricter HTTP methods like POST. This flaw allows an attacker to craft malicious URLs that, when visited by an authenticated backend user, can trigger unauthorized actions such as deletion of log entries. Successful exploitation requires the victim to have an active backend session and to be tricked into clicking a malicious link or visiting a compromised website. The risk is exacerbated if certain TYPO3 security settings are misconfigured: if the `security.backend.enforceReferrer` feature is disabled and the `BE/cookieSameSite` attribute is set to lax or none, the CSRF protections are weakened, increasing attack feasibility. TYPO3 versions prior to 10.4.48, 11.5.42, 12.4.25, and 13.4.3 are affected. The vulnerability has a CVSS 3.1 base score of 4.3 (medium severity), reflecting that exploitation requires user interaction but can lead to integrity loss by unauthorized modification of backend data (e.g., log deletion). There are no known workarounds, and users are strongly advised to upgrade to the fixed versions. No known exploits are currently reported in the wild. This vulnerability highlights the importance of strict HTTP method enforcement and CSRF protections in web application backends, especially for administrative interfaces.
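The two patterns the analysis contrasts, as an added illustration in PHP that is not TYPO3's own code: a backend "delete log entry" action that fires on any request carrying the session cookie (GET included), beside a hardened form that requires POST, a same-origin check in the spirit of the `security.backend.enforceReferrer` feature, and a session-bound anti-CSRF token. The token, the backend host name and the `$deleter` callback are assumed inputs passed in by the caller.

```php
<?php
// Added illustration of the advisory's pattern; not TYPO3's own code.
// Assumptions: the caller supplies a per-session anti-CSRF token, the
// backend's own host name, and a callable that performs the deletion.
declare(strict_types=1);

/** Vulnerable pattern: the action fires on any request that carries the
 *  session cookie, so a GET triggered from another site also deletes. */
function deleteLogEntryVulnerable(array $query, callable $deleter): bool
{
    if (!isset($query['uid'])) {
        return false;
    }
    $deleter((int)$query['uid']);   // state change with no method or token check
    return true;
}

/** Hardened pattern: POST only, same-origin check on Origin/Referer, and a
 *  session-bound token compared in constant time. True only if deletion ran. */
function deleteLogEntryHardened(
    string $method,
    array $headers,
    array $body,
    string $sessionToken,
    string $backendHost,
    callable $deleter
): bool {
    if ($method !== 'POST') {
        return false;                                   // GET never changes state
    }
    $source = $headers['Origin'] ?? $headers['Referer'] ?? '';
    if (parse_url($source, PHP_URL_HOST) !== $backendHost) {
        return false;                                   // missing or cross-site source
    }
    if (!isset($body['csrf_token'], $body['uid'])
        || !hash_equals($sessionToken, (string)$body['csrf_token'])) {
        return false;                                   // token missing or wrong
    }
    $deleter((int)$body['uid']);
    return true;
}

// Constructed check: the same cross-site GET is accepted by the first handler
// and rejected by the second; a same-origin POST with the token still works.
$deleted = [];
$deleter = static function (int $uid) use (&$deleted): void { $deleted[] = $uid; };
deleteLogEntryVulnerable(['uid' => 7], $deleter);
deleteLogEntryHardened('GET', ['Referer' => 'https://other.example/'], ['uid' => 7], 'constructed-token', 'cms.example', $deleter);
deleteLogEntryHardened('POST', ['Origin' => 'https://cms.example'], ['uid' => 7, 'csrf_token' => 'constructed-token'], 'constructed-token', 'cms.example', $deleter);
```

After the three calls `$deleted` holds uid 7 twice: once from the vulnerable handler's GET and once from the hardened handler's legitimate POST, never from the cross-site GET.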

Potential Impact

For European organizations using TYPO3 as their content management framework, this vulnerability poses a moderate risk primarily to the integrity of backend data and audit trails. Attackers exploiting this flaw could delete or manipulate log entries, potentially covering tracks of malicious activities or disrupting incident response processes. While confidentiality and availability impacts are minimal, the integrity compromise can hinder forensic investigations and compliance with regulatory requirements such as GDPR, which mandates accurate logging and auditability. Since exploitation requires an authenticated backend user to be tricked into clicking a malicious link, the threat is more significant in environments where backend users have elevated privileges and where security awareness is low. The lack of known exploits reduces immediate risk, but the vulnerability's presence in multiple TYPO3 LTS versions means many European public sector, educational, and private organizations relying on TYPO3 could be affected if they do not patch promptly. Misconfiguration of security settings common in some deployments further increases exposure. Overall, the impact is moderate but non-negligible, especially for organizations with strict compliance and audit requirements.

Mitigation Recommendations

1. Immediately upgrade to TYPO3 versions 11.5.42 ELTS, 12.4.25 LTS, or 13.4.3 LTS, or later, as these contain the official patches addressing the CSRF vulnerability.
2. Review and enforce backend security configurations: enable `security.backend.enforceReferrer` to ensure requests originate from trusted sources, and set `BE/cookieSameSite` to 'strict' to prevent cookies from being sent with cross-site requests.
3. Conduct a thorough audit of backend user privileges to minimize the number of users with access to sensitive backend functions, reducing the attack surface.
4. Implement user training and awareness programs to reduce the risk of users clicking on malicious links, emphasizing phishing and social engineering risks.
5. Monitor backend logs for suspicious activity, especially unexpected deletions or modifications of log entries, and consider shipping logs to a system external to TYPO3 so that the audit trail survives tampering within the CMS.
6. If immediate patching is not feasible, restrict backend access via network controls such as VPNs or IP allowlisting to limit exposure to potentially malicious external sites.
7. Regularly review and update security policies to ensure best practices in web application security, including CSRF protections and HTTP method enforcement.
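The configuration part of step 2, as an added example that is not from the advisory or from TYPO3 itself: the exposed combination the advisory describes beside the hardened one, written the way TYPO3 reads both keys from `$GLOBALS['TYPO3_CONF_VARS']`, plus a small audit helper over that array. Where the file lives in a given installation is an assumption left to the reader.

```php
<?php
// Added example, not taken from the advisory or from TYPO3 itself: the two
// backend settings named in the mitigation list, in the form TYPO3 reads them
// from $GLOBALS['TYPO3_CONF_VARS'], plus an audit helper over the same array.

// Exposed combination the advisory describes (shown for contrast, do not use):
// $GLOBALS['TYPO3_CONF_VARS']['SYS']['features']['security.backend.enforceReferrer'] = false;
// $GLOBALS['TYPO3_CONF_VARS']['BE']['cookieSameSite'] = 'lax';   // or 'none'

// Hardened combination from the mitigation list:
$GLOBALS['TYPO3_CONF_VARS']['SYS']['features']['security.backend.enforceReferrer'] = true;
$GLOBALS['TYPO3_CONF_VARS']['BE']['cookieSameSite'] = 'strict';

/** Returns a list of findings for the CSRF-relevant backend settings; an empty
 *  list means both are in the recommended state. An absent key is reported as
 *  "not set" rather than assumed to carry any particular default. */
function auditBackendCsrfSettings(array $conf): array
{
    $findings = [];
    $enforce = $conf['SYS']['features']['security.backend.enforceReferrer'] ?? null;
    if ($enforce === null) {
        $findings[] = 'security.backend.enforceReferrer is not set explicitly';
    } elseif ($enforce !== true) {
        $findings[] = 'security.backend.enforceReferrer is disabled';
    }
    $sameSite = $conf['BE']['cookieSameSite'] ?? null;
    if ($sameSite === null) {
        $findings[] = 'BE/cookieSameSite is not set explicitly';
    } elseif (strtolower((string)$sameSite) !== 'strict') {
        $findings[] = "BE/cookieSameSite is '$sameSite' (expected 'strict')";
    }
    return $findings;
}

// Constructed check against the array populated above: no findings expected.
foreach (auditBackendCsrfSettings($GLOBALS['TYPO3_CONF_VARS']) as $finding) {
    echo "FINDING: $finding\n";
}
```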


Technical Details

Data Version: 5.1
Assigner Short Name: GitHub_M
Date Reserved: 2024-12-12T15:03:39.206Z
CISA Enriched: true
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682cd0f71484d88663aeac89

Added to database: 5/20/2025, 6:59:03 PM

Last enriched: 7/4/2025, 8:40:08 AM

Last updated: 7/30/2025, 7:15:55 PM
