Password Generation Component Flaw in TYPO3 CMS by TYPO3
CVE-2025-59015

6.3 MEDIUM

Key Information:

Vendor: TYPO3

Status
Vendor
CVE Published: 9 September 2025

What is CVE-2025-59015?

A flaw in the Password Generation component of TYPO3 CMS versions 12.0.0 to 12.4.36 and 13.0.0 to 13.4.17 reduces the entropy of generated passwords because each one starts with a predictable three-character prefix. Those three characters add no unpredictability, so an attacker has fewer candidates to try and can brute-force affected user accounts more efficiently.

Affected Version(s)

TYPO3 CMS 12.0.0 < 12.4.37

TYPO3 CMS 13.0.0 < 13.4.18

CVSS V4

Score: 6.3
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: High
Attack Required: Physical
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Mathias Brodala
Oliver Hader