diff --git a/typo3/sysext/core/Classes/Security/ContentSecurityPolicy/UriValue.php b/typo3/sysext/core/Classes/Security/ContentSecurityPolicy/UriValue.php
index 3dd292a00428a91bc47a0fcb9ada9a72294c4246..ed460a49e65c5a6fa17ff673f24979aea6a55087 100644
--- a/typo3/sysext/core/Classes/Security/ContentSecurityPolicy/UriValue.php
+++ b/typo3/sysext/core/Classes/Security/ContentSecurityPolicy/UriValue.php
@@ -28,6 +28,7 @@ use TYPO3\CMS\Core\Http\Uri;
 final class UriValue extends Uri implements \Stringable, EqualityInterface, CoveringInterface, SourceInterface
 {
     private string $domainName = '';
+    private bool $entireWildcard = false;
     private bool $domainWildcard = false;
 
     public static function fromUri(UriInterface $other): self
@@ -37,6 +38,9 @@ final class UriValue extends Uri implements \Stringable, EqualityInterface, Cove
 
     public function __toString(): string
     {
+        if ($this->entireWildcard) {
+            return '*';
+        }
         if ($this->domainName !== '') {
             return ($this->domainWildcard ? '*.' : '') . $this->domainName;
         }
@@ -53,6 +57,10 @@ final class UriValue extends Uri implements \Stringable, EqualityInterface, Cove
         if (!$other instanceof self) {
             return false;
         }
+        // `*` matches anything
+        if ($this->entireWildcard) {
+            return true;
+        }
         // `*.example.com` or `example.com`
         if ($this->domainName !== '') {
             if ($this->domainWildcard) {
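Review bot: The added `entireWildcard` branch in `covers()` returns true for every `UriValue`, but a CSP `*` source does not match non-network schemes such as `data:`, `blob:` or `filesystem:`. If a `UriValue` can ever carry one of those schemes (not visible in this hunk), `covers()` would report the source as covered although the browser would still block it. Consider narrowing the branch, or at least stating the assumption in the comment, e.g. ``// `*` covers any host-based source; scheme-only sources (data:, blob:) are expected not to be UriValue instances``. The body of `covers()` starts and ends outside this hunk.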
@@ -87,6 +95,10 @@ final class UriValue extends Uri implements \Stringable, EqualityInterface, Cove
 
     protected function parseUri(string $uri): void
     {
+        if ($uri === '*') {
+            $this->entireWildcard = true;
+            return;
+        }
         parent::parseUri($uri);
         // ignore fragments per default
         $this->fragment = '';
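Review bot: The early return for `*` in `parseUri()` skips the upstream parser, so every inherited `Uri` component stays empty and `entireWildcard` is the only state that distinguishes this value. That is worth a comment on the branch, e.g. ``// `*` is not a URI: skip the upstream parser, all Uri components stay empty``. `equals()` is not touched by this commit; if it compares components rather than the string form (not visible here), a `*` value could compare equal to an empty `UriValue`, so it is worth confirming and adding a test for. The rest of `parseUri()` continues outside the hunk.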
diff --git a/typo3/sysext/core/Tests/Unit/Security/ContentSecurityPolicy/UriValueTest.php b/typo3/sysext/core/Tests/Unit/Security/ContentSecurityPolicy/UriValueTest.php
index 5a6063a99946a47969d800af9b208749c1e5e8af..a9382743fbd001428e93208cffb4689cbdafdfff 100644
--- a/typo3/sysext/core/Tests/Unit/Security/ContentSecurityPolicy/UriValueTest.php
+++ b/typo3/sysext/core/Tests/Unit/Security/ContentSecurityPolicy/UriValueTest.php
@@ -40,6 +40,7 @@ final class UriValueTest extends UnitTestCase
         yield ['//www.typo3.org'];
         yield ['www.typo3.org'];
         yield ['*.typo3.org'];
+        yield ['*'];
 
         // expected behavior, falls back to upstream parser´
         // (since e.g. query-param is given, which is not expected here in the scope of CSP with `UriValue`)
@@ -83,6 +84,7 @@ final class UriValueTest extends UnitTestCase
         yield ['example.com/path', 'example.com/path', true];
         yield ['example.com/path', 'example.com/other', false];
         yield ['*.example.com', '*.example.com', true];
+        yield ['*', '*.example.com', true];
 
         yield ['https://example.com/', 'https://example.com/path/file.css', true];
         yield ['example.com', 'https://example.com/path/file.css', true];
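Review bot: The only positive case added for `*` pairs it with another wildcard value (`*.example.com`), so the new branch in `covers()` is never exercised against a scheme-qualified URL with a path, nor against `*` itself. Adding `yield ['*', 'https://example.com/path/file.css', true];` and `yield ['*', '*', true];` here would cover that. The negative direction is only checked for a domain wildcard in the next hunk (`['*.example.com', '*', false]`); a case such as `yield ['https://example.com/', '*', false];` would also pin the branch of `covers()` that does not use a domain name.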
@@ -94,6 +96,7 @@ final class UriValueTest extends UnitTestCase
         yield ['*.sub.example.com', 'example.com', false];
         yield ['sub.example.com', '*.example.com', false];
         yield ['*.sub.example.com', '*.example.com', false];
+        yield ['*.example.com', '*', false];
     }
 
     /**