PT-2025-17429 · Joomla · Virtuemart

Adam Wallwork · Published 2025-04-21 · Updated 2025-05-28 · CVE-2025-25228

CVSS v3.1: 3.8 (Low)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

VirtueMart component versions 1.0.0 through 4.4.7 for Joomla

Description

A SQL injection in the VirtueMart component for Joomla allows authenticated attackers, specifically administrators, to execute arbitrary SQL commands in the product management area in the backend. This issue enables attackers to potentially manipulate or extract sensitive data from the database.

Recommendations

For VirtueMart component versions 1.0.0 through 4.4.7, update to a version later than 4.4.7 to resolve the SQL injection issue. As a temporary workaround, consider restricting access to the product management area in the backend to minimize the risk of exploitation.

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2025-25228

Affected Products

Virtuemart