CVE-2025-22213

Summary

Inadequate checks in the Media Manager allowed users with "edit" privileges to change file extension to arbitrary extension, including .php and other potentially executable extensions.

Affected Software

VendorProductVersion RangeStatus
Joomla! ProjectJoomla! CMS4.0.0-4.4.11affected
Joomla! ProjectJoomla! CMS5.0.0-5.2.4affected

Weaknesses

  • CWE-434: CWE-434 Unrestricted Upload of File with Dangerous Type

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References