Arbitrary File Extension Vulnerability in Joomla Media Manager
CVE-2025-22213

7.1HIGH

Key Information:

Vendor: Joomla
Status: Joomla! Cms
Vendor: CVE Published:; 11 March 2025

Summary

A vulnerability within the Joomla Media Manager allows users with editing privileges to change file extensions to arbitrary formats, including .php and other executable extensions. This flaw can potentially lead to unauthorized file uploads, increasing the risk of malicious code execution and compromising server security. Proper input validation measures must be reinforced to prevent such security breaches.

Affected Version(s)

Joomla! CMS 4.0.0-4.4.11

Joomla! CMS 5.0.0-5.2.4

References

https://developer.joomla.org/security-centre/961-20250301...

vendor-advisory

CVSS V4

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Mar 11, 2025
Vulnerability Reserved
Jan 1, 2025

Credit

ErPaciocco