Primary

Context

Joomla! Core Two-Factor Authentication Bypass Vulnerability

Vulnerability

Patched

A vulnerability exists in Joomla! CMS versions 4.0.0 through 4.4.12 and 5.0.0 through 5.2.5, allowing users to bypass two-factor authentication (2FA) checks. This issue arises from insufficient state checks, creating a vector for authentication bypass.

Impact

Exploitation of this vulnerability allows for authentication bypass, enabling users to circumvent two-factor authentication measures.

Remediation

Users can upgrade to Joomla! CMS version 4.4.13 or 5.2.6 to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

7.6

impact

5.0

exploitability

5.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

7.6

impact

5.0

exploitability

5.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Joomla! Core Two-Factor Authentication Bypass Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Joomla! CMS

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating