Joomla! Passkey Authentication User Enumeration Vulnerability

Vulnerability

A user enumeration vulnerability has been identified in the passkey authentication method of Joomla! CMS. This issue arises from improper handling of authentication requests, allowing for the enumeration of users.

Impact

Exploitation of this vulnerability allows for user enumeration, which could be used to gather information about valid usernames in the system.

Remediation

Users are advised to upgrade to Joomla! CMS versions 4.4.14 or 5.3.4.

Added: Sep 30, 2025, 4:24 PM
Updated: Sep 30, 2025, 6:24 PM

Vulnerability Rating

Custom Algorithm

spread: 7.6
impact: 0.6
exploitability: 7.6
remediation: 7.7
relevance: 0.6
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.