CVE Vulnerabilities

CVE-2025-25227

Improper Authentication

Published: Apr 08, 2025 | Modified: Jun 04, 2025
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

Insufficient state checks lead to a vector that allows to bypass 2FA checks.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name Vendor Start Version End Version
Joomla! Joomla 4.0.0 (including) 4.4.13 (excluding)
Joomla! Joomla 5.0.0 (including) 5.2.6 (excluding)

Potential Mitigations

References