CVE-2025-59015

MEDIUM6.5EPSS 0.06%

TYPO3 CMS uses insufficient entropy when generating passwords

發布日:2025/9/9修改日:2025/9/10

描述

A deterministic three‑character prefix in the Password Generation component of TYPO3 CMS versions 12.0.0–12.4.36 and 13.0.0–13.4.17 reduces entropy, allowing attackers to carry out brute‑force attacks more quickly.

受影響套件(1)

Packagist/typo3/cms-core>= 12.0.0, < 12.4.37

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 4.0	—	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
osv	CVSS 3.1	MEDIUM6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

參考連結(4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2025-59015
PATCHhttps://github.com/TYPO3-CMS/core
WEBhttps://github.com/TYPO3-CMS/core/commit/d2057cc7b2c2db417a2af38c30cb9da42302ab70
WEBhttps://typo3.org/security/advisory/typo3-core-sa-2025-019