CVE-2025-25227

CVE-2025-25227: [20250402] - Joomla Core - MFA Authentication Bypass

Vendor Joomla! Project
Product Joomla! CMS
Weakness CWE-287 · Improper authentication
Published April 8, 2025
Last update April 21, 2025
View on NVD All CVEs

CVSS base score

What the vulnerability does

Description

Insufficient state checks lead to a vector that allows to bypass 2FA checks.

Key dates

Disclosure timeline

April 8, 2025 CVE published
April 21, 2025 Record updated