Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-59015

A deterministic three‑character prefix in the Password Generation component of TYPO3 CMS versions 12.0.0–12.4.36 and 13.0.0–13.4.17 reduces entropy, allowing attackers to carry out brute‑force attacks more quickly.

Published

2025-09-09T09:15:40.057

Last Modified

2025-09-10T13:42:59.310

Status

Analyzed

Source

f4fb688c-4412-4426-b4b8-421ecf27b14a

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses

Type: Secondary
CWE-331

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	typo3	typo3	< 12.4.37	Yes
Application	typo3	typo3	< 13.4.18	Yes

References

https://typo3.org/security/advisory/typo3-core-sa-2025-019 Vendor Advisory (f4fb688c-4412-4426-b4b8-421ecf27b14a)