CVE-2025-59015

Summary

A deterministic three‑character prefix in the Password Generation component of TYPO3 CMS versions 12.0.0–12.4.36 and 13.0.0–13.4.17 reduces entropy, allowing attackers to carry out brute‑force attacks more quickly.

Affected Software

VendorProductVersion RangeStatus
TYPO3TYPO3 CMS12.0.0 < 12.4.37affected
TYPO3TYPO3 CMS13.0.0 < 13.4.18affected

Weaknesses

  • CWE-331: CWE-331 Insufficient Entropy

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References