Lucene search

5 matches found

RedhatCVE
added 2025/03/18 12:10 a.m., 6 views

CVE-2025-24856

An issue was discovered in the oidc aka OpenID Connect Authentication extension before 4.0.0 for TYPO3. The account linking logic allows a pre-hijacking attack, leading to Account Takeover. The attack can only be exploited if the following requirements are met: 1 an attacker can anticipate the...

CVSS 4.2, AI score 6.6, EPSS 0.00085
Exploits 0, References 1
OSV
added 2025/03/16 4:15 a.m., 5 views

CVE-2025-24856

An issue was discovered in the oidc aka OpenID Connect Authentication extension before 4.0.0 for TYPO3. The account linking logic allows a pre-hijacking attack, leading to Account Takeover. The attack can only be exploited if the following requirements are met: 1 an attacker can anticipate the...

CVSS 4.2, AI score 6.6
Exploits 0, References 2
CVE
added 2025/03/16 12:0 a.m., 48 views

CVE-2025-24856

A vulnerability affects the TYPO3 OpenID Connect (oidc) extension before v4.0.0. The account linking logic allows a pre-hijacking attack: an attacker who can guess a user’s email, register a public frontend account with that email before the user’s first OIDC login, and rely on the IDP returning that email i...

CVSS 4.2, AI score 6.8, EPSS 0.00085
Exploits 0, References 2
Vulnrichment
added 2025/03/16 12:0 a.m., 4 views

CVE-2025-24856

An issue was discovered in the oidc aka OpenID Connect Authentication extension before 4.0.0 for TYPO3. The account linking logic allows a pre-hijacking attack, leading to Account Takeover. The attack can only be exploited if the following requirements are met: 1 an attacker can anticipate the...

CVSS 4.2, AI score 4.4, EPSS 0.00085
Exploits 0, References 2
Cvelist
added 2025/03/16 12:0 a.m., 12 views

CVE-2025-24856

An issue was discovered in the oidc aka OpenID Connect Authentication extension before 4.0.0 for TYPO3. The account linking logic allows a pre-hijacking attack, leading to Account Takeover. The attack can only be exploited if the following requirements are met: 1 an attacker can anticipate the...

CVSS 4.2, EPSS 0.00085
Exploits 0, References 2