CVE-2025-54477
BaseFortify
Publication date: 2025-09-30
Last updated on: 2025-10-02
Assigner: Joomla! Project
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| joomla | joomla! | 5.3.0 |
| joomla | joomla! | 4.0.0 |
| joomla | joomla! | 5.0.0 |
| joomla | joomla! | 4.4.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-203 | The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-54477 is a vulnerability in Joomla! CMS where improper handling of authentication requests in the passkey authentication method allows an attacker to perform user enumeration. This means an attacker can identify valid usernames by analyzing the system's responses during authentication attempts. [1]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing attackers to discover valid usernames on your Joomla! CMS site, which can be used as a first step in targeted attacks such as password guessing or phishing. Although the severity is low and the probability of exploitation is low, it still poses a moderate impact risk to user account security. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting authentication requests using the passkey authentication method and analyzing the system's responses for differences that reveal valid usernames. Specific commands are not provided, but testing authentication attempts and monitoring response variations can help identify user enumeration. [1]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, immediately upgrade Joomla! CMS to versions 4.4.14 or 5.3.4 or later, where the issue has been fixed. [1]