Home

Description

Improper handling of authentication requests lead to a user enumeration vector in the passkey authentication method.

PUBLISHED Reserved 2025-07-23 | Published 2025-09-30 | Updated 2025-10-01 | Assigner Joomla

Problem types

CWE-203 Observable Discrepancy

Product status

Default status
unaffected

4.0.0-4.4.13
affected

5.0.0-5.3.3
affected

Credits

Marco Schubert finder

References

developer.joomla.org/...n-passkey-authentication-method.html vendor-advisory

cve.org (CVE-2025-54477)

nvd.nist.gov (CVE-2025-54477)

Download JSON