Vulnerability in Typo3 Cms

CVE-2025-59015

A deterministic three‑character prefix in the Password Generation component of TYPO3 CMS versions 12.0.0–12.4.36 and 13.0.0–13.4.17 reduces entropy, allowing attackers to carry out brute‑force attacks more quickly.

EPSS: 0.001 (17.7th percentile) — read the EPSS interpretation.

Affected products

Typo3 Cms — versions 12.0.0, 13.0.0

Weakness classification (CWE)

CWE-331 — Insufficient Entropy

References

typo3.org/security/advisory/typo3-core-sa-2025-019 (vendor-advisory)