CVE-2025-54476 MEDIUM

CVE-2025-54476: Joomla! Core - [20250901] Inadequate content filtering within the checkAttribute filter code

Vendor Joomla! Project

Product Joomla! CMS

Weakness CWE-79 · XSS

Published September 30, 2025

Last update October 1, 2025

CVSS base score

4.8/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

Description

Improper handling of input could lead to an XSS vector in the checkAttribute method of the input filter framework class.

Key dates

September 30, 2025 CVE published

October 1, 2025 Record updated

CVE CVE-2025-54476

CWE CWE-79

CVSS 4.8 / MEDIUM

Vendor Joomla! Project

Product Joomla! CMS

Affected 3.0.0-3.10.20

Vendor Joomla! Project

Product Joomla! CMS

Affected 4.0.0-4.4.13

Vendor Joomla! Project

Product Joomla! CMS

Affected 5.0.0-5.3.3