CVE-2025-25227

High CVSS: 7.5

Insufficient state checks lead to a vector that allows to bypass 2FA checks.

Vendor

Product

CWE

Yayın Tarihi

2025-04-08 17:15:35

Güncelleme

2025-06-04 20:49:45

Source Identifier

security@joomla.org

KEV Date Added

CWE-287 Joomla\! HIGH Joomla 2025

https://developer.joomla.org/security-centre/964-20250402-core-mfa-authentication-bypass.html

Medium

CVE-2025-63082

Lack of input filtering leads to an XSS vector in the HTML filter code related to data URLs in img tags.

Medium

CVE-2025-63083

Lack of output escaping leads to a XSS vector in the pagebreak plugin.

Critical

CVE-2025-25226

Improper handling of identifiers lead to a SQL injection vulnerability in the quoteNameStr method of the database packag…

Medium

CVE-2024-40747

Various module chromes didn't properly process inputs, leading to XSS vectors.

High

CVE-2024-40748

Lack of output escaping in the id attribute of menu lists.

High

CVE-2024-40749

Improper Access Controls allows access to protected views.