Joomla! 3.9.25 Security Release announced

Release date: 2 March 2021.

Joomla! 3.9.25 is a SECURITY FIX which addresses NINE vulnerabilities.

This release continues to improve support for PHP 8 (released in November 2020).

See the Release Notes at the link below.

Read more: Joomla! 3.9.25 Release News.

 

Addressed Vulnerabilities

Low Severity

Low Impact - Insecure randomness within 2FA secret generation (affecting Joomla! 3.2.0 through 3.9.24).
Low Impact - Potential Insecure FOFEncryptRandval (affecting Joomla! 3.2.0 through 3.9.24).
Low Impact - Input validation within the template manager (affecting Joomla! 3.2.0 through 3.9.24).

Moderate Impact - XSS within alert messages shown to users (affecting Joomla! 2.5.0 through 3.9.24).
Moderate Impact - XSS within the feed parser library (affecting Joomla! 2.5.0 through 3.9.24).
Moderate Impact - com_media allowed paths that are not intended for image uploads (affecting Joomla! 3.0.0 through 3.9.24).
Moderate Impact - ACL violation within com_content frontend editing (affecting Joomla! 3.0.0 through 3.9.24).
Moderate Impact - Path Traversal within joomla/archive zip class (affecting Joomla! 3.0.0 through 3.9.24).
Moderate Impact - Inadequate filtering of form contents could allow the author field to be overwritten (affecting Joomla! 1.6.0 through 3.9.24).

 

Backing up before updating is highly recommended

Protect your assets.

Perform a FULL backup of your website (database and files) BEFORE updating the Joomla! CMS and/or its extensions.

Read more: How to back up your website.

Read more: How to update your Joomla! CMS & its extensions.

 

Make Joomla! CMS Security YOUR #1 Priority

We offer Joomla! coaching, help and support to businesses and organisations across Cheshire, Manchester, Merseyside, North West England & the UK.

Learn how to manage Joomla! website security.