Developer Network™ - Project: Joomla!
- SubProject: CMS
- Impact: High
- Severity: Moderate
- Probability: Moderate
- Versions: 4.0.0 - 4.4.12, 5.0.0 - 5.2.5
- Exploit type: Authentication Bypass
- Reported Date: 2025-03-20
- Fixed Date: 2025-04-08
- CVE Number: CVE-2025-25227
Description
Insufficient state checks lead to a vector that allows to bypass 2FA checks.
Affected Installs
Joomla! CMS versions: 1.0.0-2.1.1, 3.0.0-3.3.1
Solution
Upgrade to version 4.4.13 or 5.2.6
Contact
The JSST at the Joomla! Security Centre.
Reported By: Undisclosed Reporter