TYPO3 CMS · TYPO3/CMS · CVE-2025-59015
Name of the Vulnerable Software and Affected Versions:
TYPO3 CMS versions 12.0.0 through 12.4.36
TYPO3 CMS versions 13.0.0 through 13.4.17
Description:
A deterministic three-character prefix in the Password Generation component reduces entropy, potentially enabling attackers to expedite brute-force attacks.
Recommendations:
Update TYPO3 CMS to a version later than 12.4.36.
Update TYPO3 CMS to a version later than 13.4.17.