PT-2025-36691 · Typo3 Cms · Typo3/Cms
Mathias Brodala +1 · Published 2025-09-09 · Updated 2025-09-09
CVE-2025-59015
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions:
TYPO3 CMS versions 12.0.0 through 12.4.36
TYPO3 CMS versions 13.0.0 through 13.4.17
Description:
A deterministic three-character prefix in the Password Generation component reduces entropy, potentially enabling attackers to expedite brute-force attacks.
Recommendations:
Update TYPO3 CMS to a version later than 12.4.36.
Update TYPO3 CMS to a version later than 13.4.17.
Affected Products
Typo3/Cms