Home > Vulnerability Database > CVE-2025-25226

Mend.io Vulnerability Database

CVE-2025-25226

Good to know:

Date: April 8, 2025

Improper handling of identifiers lead to a SQL injection vulnerability in the quoteNameStr method of the database package. Please note: the affected method is a protected method. It has no usages in the original packages in neither the 2.x nor 3.x branch and therefore the vulnerability in question can not be exploited when using the original database class. However, classes extending the affected class might be affected, if the vulnerable method is used.

Severity Score

9.8

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-25226

Url: https://developer.joomla.org/security-centre/963-20250401-framework-sql-injection-vulnerability-in-quotenamestr-method-of-database-package.html

Url: https://github.com/joomla-framework/database

Url: https://www.mend.io/vulnerability-database/CVE-2025-25226

Severity Score

9.8

Weakness Type (CWE)

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CWE-89

Top Fix

Upgrade Version

Upgrade to version https://github.com/joomla-framework/database.git - 3.4.0;https://github.com/joomla-framework/database.git - 2.2.0

Learn More

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-25226

Good to know:

Date: April 8, 2025

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?