High severity7.5NVD Advisory· Published Jan 22, 2009· Updated Apr 23, 2026

CVE-2009-0255

Description

The System extension Install tool in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 creates the encryption key with an insufficiently random seed, which makes it easier for attackers to crack the key.

Affected products

TYPO3/Typo3
cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*
Range: >=4.0,<4.0.10
Debian/Debian Linux
cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/33617nvdBroken LinkVendor Advisory
secunia.com/advisories/33679nvdBroken LinkVendor Advisory
typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/nvdVendor Advisory
www.securityfocus.com/bid/33376nvdBroken LinkThird Party AdvisoryVDB Entry
exchange.xforce.ibmcloud.com/vulnerabilities/48132nvdThird Party AdvisoryVDB Entry
www.debian.org/security/2009/dsa-1711nvdMailing List

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.004
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000