How severe is CVE-2025-24856?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.2 out of 10.

What type of vulnerability is CVE-2025-24856?

This is classified as CWE-348, which is a common weakness in software security.

CVE-2025-24856 - MEDIUM Severity | CVSS 4.2

Vulnerability Description

An issue was discovered in the oidc (aka OpenID Connect Authentication) extension before 4.0.0 for TYPO3. The account linking logic allows a pre-hijacking attack, leading to Account Takeover. The attack can only be exploited if the following requirements are met: (1) an attacker can anticipate the e-mail address of the user, (2) an attacker can register a public frontend user account using that e-mail address before the user's first OIDC login, and (3) the IDP returns an email field containing the e-mail address of the user,

Related Vulnerabilities

CVE-2024-10977

LOW

CVSS:3.7(Low)

Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-mi...

CWE-3482024

CVE-2022-44593

MEDIUM

CVSS:5.3(Medium)

Use of Less Trusted Source vulnerability in SolidWP Solid Security allows HTTP DoS.This issue affects Solid Security: from n/a through 9.3.1.

CWE-3482022

CVE-2022-4529

MEDIUM

CVSS:5.3(Medium)

The Security, Antivirus, Firewall – S.A.F plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 2.3.5. This is due to insufficient restrictions on where the IP Ad...

CWE-3482022

CVE-2022-4533

MEDIUM

CVSS:5.3(Medium)

The Limit Login Attempts Plus plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 1.1.0. This is due to insufficient restrictions on where the IP Address inform...

CWE-3482022

CVE-2022-4534

MEDIUM

CVSS:5.3(Medium)

The Limit Login Attempts (Spam Protection) plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 5.3. This is due to insufficient restrictions on where the IP Add...

CWE-3482022

CVE-2022-4536

MEDIUM

CVSS:5.3(Medium)

The IP Vault – WP Firewall plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 1.1. This is due to insufficient restrictions on where the IP Address information...

CWE-3482022