CVE-2025-59015

A deterministic three‑character prefix in the Password Generation component of TYPO3 CMS versions 12.0.0–12.4.36 and 13.0.0–13.4.17 reduces entropy, allowing attackers to carry out brute‑force attacks more quickly.

CVSS

No CVSS.

References

Link	Resource
https://typo3.org/security/advisory/typo3-core-sa-2025-019

Configurations

No configuration.

History

09 Sep 2025, 09:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-09-09 09:15

Updated : 2025-09-09 16:28

NVD link : CVE-2025-59015

Mitre link : CVE-2025-59015

CVE.ORG link : CVE-2025-59015

JSON object : View

Products Affected

No product.

CWE

CWE-331

Insufficient Entropy

{"id": "CVE-2025-59015", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "f4fb688c-4412-4426-b4b8-421ecf27b14a", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-09-09T09:15:40.057", "references": [{"url": "https://typo3.org/security/advisory/typo3-core-sa-2025-019", "source": "f4fb688c-4412-4426-b4b8-421ecf27b14a"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "f4fb688c-4412-4426-b4b8-421ecf27b14a", "description": [{"lang": "en", "value": "CWE-331"}]}], "descriptions": [{"lang": "en", "value": "A deterministic three\u2011character prefix in the Password Generation component of TYPO3 CMS versions 12.0.0\u201312.4.36 and 13.0.0\u201313.4.17 reduces entropy, allowing attackers to carry out brute\u2011force attacks more quickly."}], "lastModified": "2025-09-09T16:28:43.660", "sourceIdentifier": "f4fb688c-4412-4426-b4b8-421ecf27b14a"}

CVE-2025-59015

JSON object

Attach tags to CVE-2025-59015

Attach tags to `CVE-2025-59015`