9.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2025-25226

GHSA ID

GHSA-44v2-prcf-pc3m

EPSS Score

0.0009%

CWE

CWE-89

Published

4/8/2025

Updated

4/9/2025

KEV Status

Technology

PHP

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2025-25226

CVE-2025-25226: Joomla Framework Database Package Vulnerable to SQL Injection

Improper handling of identifiers lead to a SQL injection vulnerability in the quoteNameStr method of the database package. Please note: the affected method is a protected method. It has no usages in the original packages in neither the 2.x nor 3.x branch and therefore the vulnerability in question can not be exploited when using the original database class. However, classes extending the affected class might be affected, if the vulnerable method is used.

(GitHub Advisory)

9.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2025-25226

GHSA ID

GHSA-44v2-prcf-pc3m

EPSS Score

0.0009%

CWE

CWE-89

Published

4/8/2025

Updated

4/9/2025

KEV Status

Technology

PHP

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
joomla/database	composer	>= 3.0.0, < 3.4.0	3.4.0
joomla/database	composer	>= 1.0.0, < 2.2.0	2.2.0

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability description and the provided commit patches clearly point to the quoteNameStr method in src/DatabaseDriver.php as the source of the SQL injection vulnerability. The patches for both version branches (2.x and 3.x) show the same change: the internal logic of quoteNameStr for quoting string parts is removed and replaced with a call to quoteNameString. This strongly suggests that the original implementation of quoteNameStr was vulnerable. The advisory mentions that this is a protected method and might not be directly exploitable in the original package but could be in extending classes. The function signature includes the namespace Joomla\Database\DatabaseDriver as it would appear in a profiler for PHP applications.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

Improp*r **n*lin* o* i**nti*i*rs l*** to * SQL inj**tion vuln*r**ility in t** quot*N*m*Str m*t*o* o* t** **t***s* p**k***. Pl**s* not*: t** *****t** m*t*o* is * prot**t** m*t*o*. It **s no us***s in t** ori*in*l p**k***s in n*it**r t** *.x nor *.x *r

Reasoning

T** vuln*r**ility **s*ription *n* t** provi*** *ommit p*t***s *l**rly point to t** `quot*N*m*Str` m*t*o* in `sr*/**t***s**riv*r.p*p` *s t** sour** o* t** SQL inj**tion vuln*r**ility. T** p*t***s *or *ot* v*rsion *r*n***s (*.x *n* *.x) s*ow t** s*m* *

9.8

Basic Information

Concerned about an active attack path?

CVE-2025-25226: Joomla Framework Database Package Vulnerable to SQL Injection

9.8

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI