CVE-2025-54477

CVE-2025-54477: Joomla! Core - [20250902] User-Enumeration in passkey authentication method

Vendor Joomla! Project

Product Joomla! CMS

Weakness CWE-203

Published September 30, 2025

Last update October 1, 2025

CVSS base score

—

What the vulnerability does

Description

Improper handling of authentication requests lead to a user enumeration vector in the passkey authentication method.

Key dates

September 30, 2025 CVE published

October 1, 2025 Record updated

CVE CVE-2025-54477

CWE CWE-203

Vendor Joomla! Project

Product Joomla! CMS

Affected 4.0.0-4.4.13

Vendor Joomla! Project

Product Joomla! CMS

Affected 5.0.0-5.3.3