CVE-2025-59015 | THREATINT

Description

A deterministic three‑character prefix in the Password Generation component of TYPO3 CMS versions 12.0.0–12.4.36 and 13.0.0–13.4.17 reduces entropy, allowing attackers to carry out brute‑force attacks more quickly.

PUBLISHED Reserved 2025-09-07 | Published 2025-09-09 | Updated 2025-09-09 | Assigner TYPO3

MEDIUM: 6.3CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-331 Insufficient Entropy

Product status

Default status

unaffected

12.0.0 (semver) before 12.4.37

affected

13.0.0 (semver) before 13.4.18

affected

Credits

Mathias Brodala reporter

Oliver Hader remediation developer

References

typo3.org/security/advisory/typo3-core-sa-2025-019 vendor-advisory

cve.org (CVE-2025-59015)

nvd.nist.gov (CVE-2025-59015)

Download JSON