CVE-2025-25227

Published Apr 8, 2025

Last updated 21 days ago

CVSS high 7.5

Overview

Description: Insufficient state checks lead to a vector that allows to bypass 2FA checks.
Source: security@joomla.org
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Secondary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Severity: HIGH

Weaknesses

security@joomla.org: CWE-287
nvd@nist.gov: NVD-CWE-noinfo

Hype score: Not currently trending

CMSのJoomlaに関して、2件の脆弱性「CVE-2025-25227」「CVE-2025-25226」が明らかとなり脆弱性を修正したアップデートを提供。前者はSQLインジェクション、後者は多要素認証をバイパスする脆弱性。いずれも影響度の評価は高、一方重要度については中以下。
@karukaruit
12 Apr 2025
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AFCB1A48-AFE1-458D-8179-74814FE4EBB3",
            "versionEndExcluding": "4.4.13",
            "versionStartIncluding": "4.0.0"
          },
          {
            "criteria": "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "55CFCA35-829E-4EF5-A55E-64BBD4EB1A3F",
            "versionEndExcluding": "5.2.6",
            "versionStartIncluding": "5.0.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References