vulnerability

Joomla!: [20250301] - Core - Malicious file uploads via Media Manager (CVE-2025-22213)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:M/Au:M/C:P/I:C/A:P)	Mar 12, 2025	Mar 12, 2025	Jan 19, 2026

Severity

CVSS

(AV:N/AC:M/Au:M/C:P/I:C/A:P)

Published

Mar 12, 2025

Added

Mar 12, 2025

Modified

Jan 19, 2026

Description

Inadequate checks in the Media Manager allowed users with "edit" privileges to change file extension to arbitrary extension, including .php and other potentially executable extensions.

Solutions

joomla-upgrade-4_4_12joomla-upgrade-5_2_5

References

CVE-2025-22213
https://attackerkb.com/topics/CVE-2025-22213
CWE-434
URL-http://developer.joomla.org/security-centre/961-20250301-core-malicious-file-uploads-via-media-manager.html

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today