vulnerability

Joomla!: [20250301] - Core - Malicious file uploads via Media Manager (CVE-2025-22213)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:L/Au:N/C:C/I:N/A:N)	Mar 12, 2025	Mar 12, 2025	Mar 13, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:N/A:N)

Published

Mar 12, 2025

Added

Mar 12, 2025

Modified

Mar 13, 2025

Description

Inadequate checks in the Media Manager allowed users with "edit" privileges to change file extension to arbitrary extension, including .php and other potentially executable extensions.

Solution(s)

joomla-upgrade-4_4_12joomla-upgrade-5_2_5

References

CVE-2025-22213
https://attackerkb.com/topics/CVE-2025-22213
URL-http://developer.joomla.org/security-centre/961-20250301-core-malicious-file-uploads-via-media-manager.html

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today