
CVE-2024-55894: CWE-352: Cross-Site Request Forgery (CSRF) in TYPO3 typo3

Medium
Tags: Vulnerability, CVE-2024-55894, cve, cwe-352, cwe-749
Published: Tue Jan 14 2025 (01/14/2025, 19:57:28 UTC)
Source: CVE
Vendor/Project: TYPO3
Product: typo3

Description

TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP GET and did not enforce the appropriate HTTP method.

Successful exploitation of this vulnerability requires the victim to have an active session on the backend user interface and to be deceived into interacting with a malicious URL targeting the backend, which can occur under the following conditions:

- The user opens a malicious link, such as one sent via email.
- The user visits a compromised or manipulated website while the following settings are misconfigured:
  1. `security.backend.enforceReferrer` feature is disabled,
  2. `BE/cookieSameSite` configuration is set to lax or none.

The vulnerability in the affected downstream component "Backend User Module" allows attackers to initiate password resets for other backend users or to terminate their user sessions. Users are advised to update to TYPO3 versions 11.5.42 ELTS, 12.4.25 LTS, 13.4.3 LTS which fix the problem described.

AI-Powered Analysis

AI analysis last updated: 07/04/2025, 08:40:49 UTC

Technical Analysis

CVE-2024-55894 is a Cross-Site Request Forgery (CSRF) vulnerability in the TYPO3 Content Management Framework, specifically in the backend user interface's handling of deep links. TYPO3 is an open-source CMS widely used for websites and web applications. The root cause is that state-changing actions in downstream components, in particular the Backend User Module, accepted HTTP GET requests instead of requiring POST (the CWE-749 "exposed dangerous functionality" tag alongside CWE-352). Because a GET can be produced by a plain link, an image tag or a redirect, an attacker can craft a URL that performs the action the moment an authenticated backend user loads it, with no further interaction or consent.

Exploitation requires the victim to hold an active backend session and to be tricked into loading the crafted URL. A link opened from outside the browser, for example from a desktop mail client, is typically treated by browsers as a same-site navigation, so the session cookie accompanies it even with a strict SameSite setting; this is why the description lists the email case without further conditions. A link on an attacker-controlled web page is a cross-site navigation, and there the attack only succeeds if `BE/cookieSameSite` is lax or none (a Lax cookie is still sent on top-level GET navigations, which is exactly the request shape this flaw accepts) and the `security.backend.enforceReferrer` feature is disabled, since the referrer check rejects backend requests that arrive with a foreign Referer. Successful exploitation lets the attacker initiate password resets for other backend users or terminate their sessions, disrupting administrative control and user management. Per the CVE description the fix shipped in 11.5.42 ELTS, 12.4.25 LTS and 13.4.3 LTS; earlier releases on those branches are affected. The CVSS v3.1 base score is 4.3 (medium): network attack vector, low complexity, no privileges required, user interaction required, unchanged scope, low integrity impact and no confidentiality or availability impact.
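The interplay described above (GET-reachable state change, SameSite cookie attachment, referrer check) as an added, self-contained model. This is example code written for this page, not TYPO3's code: a toy backend with one action, "terminate another user's session", a vulnerable handler in the pre-fix shape, a hardened handler that enforces POST plus a session-bound CSRF token and a same-origin Referer check (standing in for `security.backend.enforceReferrer`), and a minimal browser model that decides whether the session cookie travels with the request under SameSite Strict, Lax or None (standing in for `BE/cookieSameSite`). The origin `cms.example.org`, the route `/typo3/module/backend-users`, the cookie and parameter names are all assumptions.

```python
"""Toy model of the CSRF pattern behind CVE-2024-55894 (added example, not TYPO3 code)."""
from dataclasses import dataclass, field
import hmac
import secrets
from urllib.parse import urlsplit

BACKEND_ORIGIN = "https://cms.example.org"       # assumed backend origin
MODULE_PATH = "/typo3/module/backend-users"      # hypothetical module route
COOKIE = "be_typo_user"                          # hypothetical session cookie name

# Toy server state: alice is logged in (her CSRF token is bound to her session);
# bob is the other backend user whose session the action terminates.
SESSIONS: dict = {}
ACTIVE: dict = {}


def reset_state() -> None:
    SESSIONS.clear()
    SESSIONS["sess-alice"] = {"user": "alice", "csrf": secrets.token_hex(16)}
    ACTIVE.clear()
    ACTIVE["bob"] = True


reset_state()


@dataclass
class Request:
    method: str
    path: str
    query: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)
    cookies: dict = field(default_factory=dict)
    headers: dict = field(default_factory=dict)


def _session(req: Request):
    return SESSIONS.get(req.cookies.get(COOKIE))


def vulnerable_handle(req: Request) -> int:
    """Pre-fix shape: the action is reachable by GET and carries no CSRF token."""
    if _session(req) is None:
        return 401
    params = {**req.query, **req.form}           # GET and POST parameters treated alike
    if req.path == MODULE_PATH and params.get("action") == "terminate":
        ACTIVE[params["target"]] = False         # state change on a mere link click
        return 200
    return 404


def hardened_handle(req: Request, enforce_referrer: bool = True) -> int:
    """Fixed shape: POST only, session-bound token, optional same-origin Referer check."""
    sess = _session(req)
    if sess is None:
        return 401
    if req.path != MODULE_PATH:
        return 404
    if req.method != "POST":
        return 405                               # links, images and redirects can only GET
    if not hmac.compare_digest(req.form.get("csrf_token", ""), sess["csrf"]):
        return 403                               # a cross-site page cannot read the token
    referer = req.headers.get("Referer")
    if enforce_referrer and referer:
        r = urlsplit(referer)
        if f"{r.scheme}://{r.netloc}" != BACKEND_ORIGIN:
            return 403                           # foreign Referer rejected
    # TYPO3's real enforceReferrer also handles a *missing* Referer (by reloading the
    # request so a same-origin Referer is present); that branch is left out here.
    if req.form.get("action") == "terminate":
        ACTIVE[req.form["target"]] = False
        return 200
    return 400


def browser_request(method, initiator, samesite, query=None, form=None, with_token=False):
    """Request the victim's browser emits.

    initiator: None for a link opened from outside the browser (e.g. a mail client),
    otherwise the origin of the page that triggered the navigation or form submit.
    Simplified SameSite rules: a request without a web initiator counts as same-site;
    Strict never sends the cookie cross-site; Lax sends it only on top-level GET
    navigations; None always sends it.
    """
    cross_site = initiator is not None and initiator != BACKEND_ORIGIN
    send_cookie = (not cross_site or samesite == "None"
                   or (samesite == "Lax" and method == "GET"))
    cookies = {COOKIE: "sess-alice"} if send_cookie else {}
    headers = {"Referer": initiator + "/"} if initiator else {}
    form = dict(form or {})
    if with_token:                               # only a same-origin page can embed this
        form["csrf_token"] = SESSIONS["sess-alice"]["csrf"]
    return Request(method, MODULE_PATH, query or {}, form, cookies, headers)


if __name__ == "__main__":
    attack = {"action": "terminate", "target": "bob"}
    for label, req in [("mail link, strict", browser_request("GET", None, "Strict", query=attack)),
                       ("web link, lax", browser_request("GET", "https://attacker.example", "Lax", query=attack)),
                       ("web link, strict", browser_request("GET", "https://attacker.example", "Strict", query=attack))]:
        reset_state()
        print(f"{label:18} vulnerable={vulnerable_handle(req)} hardened={hardened_handle(req)}")
```

Running it shows the two cases the advisory separates: the mail-client link and the Lax cross-site link both reach the vulnerable handler with a session (200) and are stopped by the method check alone (405), while the Strict cross-site link arrives without a cookie (401). A cross-site auto-submitted form with SameSite=None gets past the method check but fails the token check, with or without the referrer check, which is why the POST-plus-token fix matters more than the two configuration knobs.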

Potential Impact

For European organizations running TYPO3 as their CMS, this vulnerability poses a moderate risk, mainly to the integrity of backend administration. An attacker can force password resets for, or terminate the sessions of, other backend users, which disrupts administrative work and can be combined with social engineering or other weaknesses. Data confidentiality is not affected, and although session termination is disruptive, the CVSS vector scores availability as unaffected. Installations that have disabled referrer enforcement or relaxed the SameSite cookie policy are the most exposed, because the attack then works from any web page the victim visits rather than only from a link opened outside the browser. Given TYPO3's popularity in Europe, especially in the public sector, education and medium-sized enterprises, exploitation could affect important websites and services; however, the need for an authenticated backend user to interact with a crafted link limits the scope to backend staff. No exploits are known in the wild, but the public advisory and patch make the flaw straightforward to reproduce, so exposed installations should be updated promptly.

Mitigation Recommendations

European organizations should verify their TYPO3 versions and update to the fixed releases named in the advisory: 11.5.42 ELTS, 12.4.25 LTS or 13.4.3 LTS, or later on the same branch. Older branches are only served through TYPO3 ELTS; confirm with the vendor whether a fix is available for them. Beyond patching, check the two settings the advisory names: the `security.backend.enforceReferrer` feature toggle should be enabled, and `BE/cookieSameSite` should be `strict`, so the backend session cookie is not attached to cross-site requests. Both are the defaults in supported TYPO3 versions, so the check is for local overrides in the system configuration. Review backend user management for unexpected session terminations and password-reset initiations, and alert on them. Educate backend users about unsolicited links that point into the backend. Multi-factor authentication does not stop CSRF, since the forged request rides the victim's existing session, but it remains worthwhile for limiting the impact of credential compromise in general. A Web Application Firewall can flag GET requests to backend module URLs that carry action parameters, particularly those arriving with no Referer or with a Referer from another site; legitimate deep links also arrive without a Referer, so alert first and block only after tuning.
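The monitoring and WAF advice above, as an added detection sketch over access logs. This is example code written for this page, not TYPO3 code or a rule from the site: it parses combined-format web server log lines and flags GETs to a backend module URL that carry a state-changing action parameter and arrive either with no Referer (a deep link opened outside the browser, or a cross-site link with `referrerpolicy="no-referrer"`) or with a Referer from another site. The sample log lines are constructed; the host `cms.example.org`, the module route and the action names are hypothetical.

```python
"""Access-log detection for the CVE-2024-55894 request shape (added example, not TYPO3 code)."""
import re
from typing import Optional
from urllib.parse import parse_qs, urlsplit

SITE_HOST = "cms.example.org"            # assumed backend host
BACKEND_PREFIX = "/typo3/"               # TYPO3 backend entry point
# Hypothetical action values; adapt to the parameter names your TYPO3 version emits.
STATE_CHANGING = {"terminate", "initiatepasswordreset", "resetpassword"}

# Apache/nginx "combined" format: ip ident user [ts] "METHOD target HTTP/x" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)


def parse_line(line: str) -> Optional[dict]:
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def classify(entry: dict) -> Optional[str]:
    """Return a reason string when the entry matches the CSRF pattern, else None."""
    if entry["method"] != "GET":
        return None                          # forged form POSTs need a different rule
    url = urlsplit(entry["target"])
    if not url.path.startswith(BACKEND_PREFIX):
        return None                          # frontend traffic
    values = {v.lower() for vals in parse_qs(url.query).values() for v in vals}
    if not values & STATE_CHANGING:
        return None                          # plain deep link into a module: normal usage
    referer = entry["referer"]
    if referer in ("", "-"):
        return "state-changing GET with no Referer"
    host = urlsplit(referer).hostname
    if host != SITE_HOST:
        return f"state-changing GET referred from {host}"
    return None                              # same-origin GET with an action: review, but not cross-site


def scan(lines):
    """Return (ip, target, reason) for every suspicious line; unparsable lines are skipped."""
    hits = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        reason = classify(entry)
        if reason:
            hits.append((entry["ip"], entry["target"], reason))
    return hits


# Constructed sample: two normal requests, two matching the CSRF pattern, one frontend hit.
SAMPLE_LOG = [
    '203.0.113.5 - - [14/Jan/2025:10:01:02 +0000] "GET /typo3/module/backend-users HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [14/Jan/2025:10:01:09 +0000] "POST /typo3/module/backend-users HTTP/1.1" 303 0 "https://cms.example.org/typo3/module/backend-users" "Mozilla/5.0"',
    '203.0.113.5 - - [14/Jan/2025:10:03:41 +0000] "GET /typo3/module/backend-users?action=terminate&target=7 HTTP/1.1" 200 312 "https://attacker.example/win.html" "Mozilla/5.0"',
    '198.51.100.9 - - [14/Jan/2025:10:05:00 +0000] "GET /typo3/module/backend-users?action=initiatePasswordReset&user=3 HTTP/1.1" 200 312 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [14/Jan/2025:10:05:30 +0000] "GET /index.php?id=1&action=terminate HTTP/1.1" 200 8800 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, target, reason in scan(SAMPLE_LOG):
        print(f"{ip}  {target}  {reason}")
```

The no-Referer branch is the one to keep in alert-only mode: genuine deep links opened from a mail client look identical at the log layer, so the action parameter is what separates a real hit from a user opening a bookmarked module.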


Technical Details

Data Version
5.1
Assigner Short Name
GitHub_M
Date Reserved
2024-12-12T15:03:39.206Z
Cisa Enriched
true
Cvss Version
3.1
State
PUBLISHED

Threat ID: 682cd0f71484d88663aeac97

Added to database: 5/20/2025, 6:59:03 PM

Last enriched: 7/4/2025, 8:40:49 AM

Last updated: 7/28/2025, 2:14:32 PM
