Arbitrary File Extension Vulnerability in Joomla Media Manager
CVE-2025-22213

7.1HIGH

Key Information:

Vendor: Joomla
Status: Joomla! Cms
Vendor: CVE Published:; 11 March 2025

What is CVE-2025-22213?

A vulnerability within the Joomla Media Manager allows users with editing privileges to change file extensions to arbitrary formats, including .php and other executable extensions. This flaw can potentially lead to unauthorized file uploads, increasing the risk of malicious code execution and compromising server security. Proper input validation measures must be reinforced to prevent such security breaches.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Joomla! CMS 4.0.0-4.4.11

Joomla! CMS 5.0.0-5.2.4

References

https://developer.joomla.org/security-centre/961-20250301...

vendor-advisory

CVSS V4

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Mar 11, 2025
Vulnerability Reserved
Jan 1, 2025

Credit

ErPaciocco

JSON

Joomla