• Project: Joomla!
• SubProject: CMS
• Impact: Moderate
• Severity: Low
• Probability: Low
• Versions: 4.0.0-4.4.13, 5.0.0-5.3.3
• Exploit type: User Enumeration
• Reported Date: 2025-09-04
• Fixed Date: 2025-09-30
• CVE Number: CVE-2025-54477

Description

Improper handling of authentication requests leads to a user enumeration vector in the passkey authentication method.

Affected Installs

Joomla! CMS versions 4.0.0-4.4.13, 5.0.0-5.3.3

Solution

Upgrade to version 4.4.14 or 5.3.4

Contact

The JSST at the Joomla! Security Centre.

Reported By: Marco Schubert