PT-2025-15468 · Joomla · Joomla!

Nicholas K. Dionysopoulos · Published 2025-03-17 · Updated 2025-06-05 · CVE-2025-25226

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Joomla versions prior to 2.1.1 and 3.3.1
Description: The issue arises from improper handling of identifiers, leading to a SQL injection vulnerability in the quoteNameStr method of the database package. The method is protected and is not called anywhere in the original packages of either the 2.x or 3.x branch, so the vulnerability cannot be exploited through the original database class alone. Classes that extend the affected class and call the vulnerable method, however, may be exploitable.
Recommendations: For versions prior to 2.1.1 and 3.3.1, restrict the use of the quoteNameStr method in extending classes until the patched version can be applied. As a temporary workaround, avoid calling quoteNameStr from classes that extend the affected class, which removes the reachable path to the vulnerable code.
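Added example, not code from the advisory or from the Joomla project: one way an extending class can follow the workaround above is to keep runtime-supplied identifiers away from quoteNameStr entirely, validating them against a strict allowlist and quoting only names that pass. The IdentifierPolicy class, its regular expression and the sample inputs are assumptions made for this illustration; the "#__" table-prefix convention is Joomla's.

```php
<?php
// Added example, not Joomla project code. Demonstrates allowlisting
// identifiers before quoting so that no untrusted string is ever passed
// to the database driver's quoteNameStr() (referenced by the advisory).
// The class, regex and samples below are constructed for this example.

declare(strict_types=1);

final class IdentifierPolicy
{
    // Each dotted segment must be a plain ASCII word: letters, digits,
    // underscore, with an optional leading '#__' table prefix. This is the
    // shape Joomla table and column names take, so anything else is rejected.
    private const SEGMENT = '/^(#__)?[A-Za-z_][A-Za-z0-9_]*$/';

    public static function isSafe(string $identifier): bool
    {
        foreach (explode('.', $identifier) as $segment) {
            if (preg_match(self::SEGMENT, $segment) !== 1) {
                return false;
            }
        }
        return true;
    }

    // Quote a validated identifier with backticks here rather than handing it
    // to quoteNameStr(); because only allowlisted characters remain, the
    // quoting routine's handling of special characters is never exercised.
    public static function quote(string $identifier): string
    {
        if (!self::isSafe($identifier)) {
            throw new InvalidArgumentException('Rejected identifier: ' . $identifier);
        }
        $parts = array_map(
            fn (string $s): string => '`' . $s . '`',
            explode('.', $identifier)
        );
        return implode('.', $parts);
    }
}

// Constructed sample inputs: the first two are legitimate column references,
// the last two contain characters that no Joomla identifier needs.
$samples = ['a.title', '#__content.id', 'bad`name', 'a.b c'];
foreach ($samples as $s) {
    try {
        echo IdentifierPolicy::quote($s), PHP_EOL;   // `a`.`title`, `#__content`.`id`
    } catch (InvalidArgumentException $e) {
        echo $e->getMessage(), PHP_EOL;              // Rejected identifier: ...
    }
}
```

The allowlist is deliberately narrower than what the database would accept; an identifier that needs spaces, quotes or non-ASCII characters should come from a fixed list in the extension's own code, not from request input.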

Fix

Weakness Enumeration

SQL injection

Related Identifiers

BDU:2025-10397
BIT-JOOMLA-2025-25226
CVE-2025-25226
GHSA-44V2-PRCF-PC3M

Affected Products

Joomla!