CVE-2025-24856
CVSS 3.1 Score 4.2 of 10 (medium)
Details
Published Mar 16, 2025
CWE ID 348 (Use of Less Trusted Source)
Summary
CVE-2025-24856 is a vulnerability in the OpenID Connect Authentication (oidc) extension for TYPO3 before version 4.0.0. On a user's first OIDC login the extension links the identity returned by the identity provider (IDP) to an existing frontend user account by e-mail address, which enables an account pre-hijacking attack resulting in account takeover. Three conditions must all hold: the attacker must be able to anticipate the victim's e-mail address; the attacker must register a public frontend user account with that address (and a password of their choosing) before the victim's first OIDC login; and the IDP must return the victim's e-mail address in its claims. When the victim then logs in through the IDP, the identity is attached to the attacker's pre-registered account, and the attacker retains access to it with the password they set. The underlying weakness is trusting a self-asserted, unverified e-mail address on a locally registered account as proof of identity. Sites should upgrade the extension to version 4.0.0 or later.
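The following is an added illustration of the attack described above, written in Python for clarity; it is not code from the TYPO3 oidc extension, and the user store, field names, usernames, subject identifiers and the hardened strategy are constructed for the example. It runs the pre-hijacking scenario against two linking strategies: one that adopts any existing local account whose e-mail matches the IDP claim, and one that matches only on a previously stored subject identifier and refuses to silently merge with an account the IDP did not create.

```python
"""Account pre-hijacking through e-mail based OIDC account linking.

Constructed illustration, not code from the TYPO3 oidc extension. Store,
user fields, claim values and the hardened strategy are assumptions.
"""
from dataclasses import dataclass
from typing import Callable, Optional


class LinkingRefused(Exception):
    """Raised when an IDP identity collides with an unlinked local account."""


@dataclass
class FrontendUser:
    username: str
    email: str
    password: Optional[str]          # known to whoever registered the account
    oidc_sub: Optional[str] = None   # IDP subject once the account is linked


class UserStore:
    def __init__(self) -> None:
        self.users: list[FrontendUser] = []

    def register_public(self, username: str, email: str, password: str) -> FrontendUser:
        # Public self-registration: nobody verifies the e-mail belongs to the registrant.
        user = FrontendUser(username, email, password)
        self.users.append(user)
        return user

    def find_by_email(self, email: str) -> Optional[FrontendUser]:
        return next((u for u in self.users if u.email.lower() == email.lower()), None)

    def find_by_sub(self, sub: str) -> Optional[FrontendUser]:
        return next((u for u in self.users if u.oidc_sub == sub), None)

    def create_from_idp(self, claims: dict) -> FrontendUser:
        user = FrontendUser(username=f"oidc_{claims['sub']}", email=claims["email"],
                            password=None, oidc_sub=claims["sub"])
        self.users.append(user)
        return user


def link_by_email(store: UserStore, claims: dict) -> FrontendUser:
    """Weak strategy: on first OIDC login, adopt any local account with the same e-mail."""
    user = store.find_by_sub(claims["sub"])
    if user is not None:
        return user
    user = store.find_by_email(claims.get("email", ""))
    if user is not None:
        user.oidc_sub = claims["sub"]  # the pre-registered account now carries the IDP identity
        return user
    return store.create_from_idp(claims)


def link_by_subject(store: UserStore, claims: dict) -> FrontendUser:
    """Hardened strategy (assumed): match only on the stored subject, never merge by e-mail."""
    user = store.find_by_sub(claims["sub"])
    if user is not None:
        return user
    if store.find_by_email(claims.get("email", "")) is not None:
        # An unlinked local account already claims this address: stop here and
        # require an authenticated, explicit link instead of a silent merge.
        raise LinkingRefused(f"local account already uses {claims.get('email')}")
    return store.create_from_idp(claims)


def password_login(store: UserStore, username: str, password: str) -> Optional[FrontendUser]:
    user = next((u for u in store.users if u.username == username), None)
    if user is None or user.password is None or user.password != password:
        return None
    return user


def attacker_keeps_access(link: Callable[[UserStore, dict], FrontendUser]) -> bool:
    """Run the three-step pre-hijacking scenario against a linking strategy.

    Returns True when the attacker's password still opens the account the
    victim is now using through the IDP.
    """
    store = UserStore()
    # 1. Attacker anticipates the victim's address and self-registers with it.
    store.register_public("mallory", "alice@example.com", "attacker-chosen-pw")
    # 2. Victim's first OIDC login; the IDP returns her e-mail address (constructed claims).
    claims = {"iss": "https://idp.example", "sub": "idp-subject-1234",
              "email": "alice@example.com", "email_verified": True}
    try:
        victim_account = link(store, claims)
    except LinkingRefused:
        return False
    # 3. Attacker logs in with the password chosen in step 1.
    return password_login(store, "mallory", "attacker-chosen-pw") is victim_account


if __name__ == "__main__":
    print("e-mail linking, attacker keeps access:", attacker_keeps_access(link_by_email))
    print("subject-only linking, attacker keeps access:", attacker_keeps_access(link_by_subject))
```

Note that `email_verified` from the IDP does not help here: the IDP's claim about the victim is fine, the untrusted input is the e-mail on the locally self-registered account, which nobody verified. Any mitigation therefore has to stop trusting that local address as a linking key, whether by matching on subject only as above, by requiring the user to prove control of the existing account before linking, or by verifying e-mail ownership at registration time.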
Affected Products
- OpenID Connect Authentication (oidc) extension for TYPO3, versions before 4.0.0
Affected Vendors
- Open ID