Insufficient Entropy

CVE-2025-59015

Medium

6.3/10

Summary

A deterministic three character prefix in the Password Generation component of TYPO3 CMS versions from 12.x through 12.4.36 and 13.x through 13.4.17 reduces entropy, allowing attackers to carry out Brute Force attacks more quickly.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: LOW
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: LOW
Availability Impact: NONE

CWE-331 - Insufficient Entropy

The software uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others.

References

Advisory
Advisory

Advisory Timeline

Published Sep 09, 2025

Insufficient Entropy

CVE-2025-59015

Summary

CWE-331 - Insufficient Entropy

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS