SQL Injection Vulnerability in Joomla's Scheduled Tasks Component
CVE-2025-22207

6.7MEDIUM

Key Information:

Vendor: Joomla
Status: Joomla! Cms
Vendor: CVE Published:; 18 February 2025

What is CVE-2025-22207?

An improperly constructed order clause within the Joomla com_scheduler component allows attackers to manipulate SQL queries, leading to unauthorized access to sensitive data. This vulnerability can compromise the integrity of the system's backend task management, exposing it to potential exploitation if not addressed promptly.

Affected Version(s)

Joomla! CMS 4.1.0-4.4.10

Joomla! CMS 5.0.0-5.2.3

References

https://developer.joomla.org/security-centre/958-20250201...

vendor-advisory

CVSS V4

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 18, 2025
Vulnerability Reserved
Jan 1, 2025

Credit

Calum Hutton, snyk.io