CVE-2025-25227: Joomla CMS Multi-Factor Authentication Bypass

April 8, 2025 (updated April 9, 2025)

Insufficient state checks lead to a vector that allows to bypass 2FA checks.

References

developer.joomla.org/security-centre/964-20250402-core-mfa-authentication-bypass.html
github.com/advisories/GHSA-6423-85cc-8gf6
github.com/joomla/joomla-cms
nvd.nist.gov/vuln/detail/CVE-2025-25227

Code Behaviors & Features

Detect and mitigate CVE-2025-25227 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →