High severity · NVD Advisory · Published Apr 8, 2025 · Updated Apr 21, 2025
[20250402] - Joomla Core - MFA Authentication Bypass
CVE-2025-25227
Description
Insufficient state checks lead to a vector that allows bypassing 2FA checks.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| joomla/joomla-cms (Packagist) | >= 5.0.0, < 5.2.6 | 5.2.6 |
| joomla/joomla-cms (Packagist) | >= 4.0.0, < 4.4.13 | 4.4.13 |
Affected products
- Range: 4.0.0-4.4.12
References
- developer.joomla.org/security-centre/964-20250402-core-mfa-authentication-bypass.html (ghsa, vendor-advisory, WEB)
- github.com/advisories/GHSA-6423-85cc-8gf6 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2025-25227 (ghsa, ADVISORY)