CVE-2025-22213

Published Mar 11, 2025

Last updated 24 days ago

CVSS high 7.1

Overview

Description
Inadequate checks in the Media Manager allowed users with "edit" privileges to change file extension to arbitrary extension, including .php and other potentially executable extensions.
Source
security@joomla.org
NVD status
Received

Risk scores

CVSS 4.0

Type
Secondary
Base score
7.1
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:X/V:X/RE:X/U:X
Severity
HIGH

Weaknesses

security@joomla.org
CWE-434

Social media

Hype score
Not currently trending

  1. 🚨 CVE-2025-22213 🔴 HIGH (7.1) 🏢 Joomla! Project - Joomla! CMS 🏗️ 4.0.0-4.4.11 🔗 https://t.co/IfJvExEGEV #CyberCron #VulnAlert #InfoSec https://t.co/S4VsMnkUkj

    @cybercronai

    12 Mar 2025

    20 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References