Arbitrary File Extension Vulnerability in Joomla Media Manager
CVE-2025-22213

7.1HIGH

Key Information:

Vendor
Joomla
Vendor
CVE Published:
11 March 2025

Summary

A vulnerability within the Joomla Media Manager allows users with editing privileges to change file extensions to arbitrary formats, including .php and other executable extensions. This flaw can potentially lead to unauthorized file uploads, increasing the risk of malicious code execution and compromising server security. Proper input validation measures must be reinforced to prevent such security breaches.

Affected Version(s)

Joomla! CMS 4.0.0-4.4.11

Joomla! CMS 5.0.0-5.2.4

References

CVSS V4

Score:
7.1
Severity:
HIGH
Confidentiality:
Low
Integrity:
High
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

ErPaciocco
.