CVE-2025-25227Improper Authentication in Joomla !

CWE-287Improper Authentication5 documents5 sources
Severity
7.5HIGHNVD
EPSS
0.0%
top 99.62%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Joomla !Joomla Joomla-cmsJoomla! Project Joomla! CMS
Timeline
PublishedApr 8

Description

Insufficient state checks lead to a vector that allows to bypass 2FA checks.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

NVDjoomla/joomla_!4.0.04.4.13+1
Packagistjoomla/joomla-cms5.0.05.2.6+1
CVEListV5joomla!_project/joomla!_cms4.0.0-4.4.12, 5.0.0-5.2.5+1

🔴Vulnerability Details

3
CVEList
[20250402] - Joomla Core - MFA Authentication Bypass2025-04-08
OSV
Joomla CMS Multi-Factor Authentication Bypass2025-04-08
GHSA
Joomla CMS Multi-Factor Authentication Bypass2025-04-08
CVE-2025-25227 — Improper Authentication in Joomla ! | cvebase