CVE-2025-22204
Published: 04 February 2025
Summary
CVE-2025-22204 is a critical-severity Code Injection (CWE-94) vulnerability in Regularlabs Sourcerer. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 8.0% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-2 (Flaw Remediation).
Deeper analysis
The vulnerability is an instance of improper control of code generation, tracked as CWE-94, that affects the Sourcerer extension for Joomla in all versions prior to 11.0.0. The flaw received a CVSS 3.1 base score of 9.8, reflecting a network-accessible attack vector that requires no authentication or user interaction and results in complete loss of confidentiality, integrity, and availability.
An unauthenticated attacker with network reachability can supply crafted input that causes the extension to generate and execute arbitrary PHP code on the underlying Joomla server, thereby achieving remote code execution and full control of the affected site and its data.
The sole reference points to the vendor site regularlabs.com/sourcerer, which distributes version 11.0.0 that resolves the issue; administrators should upgrade the extension to that release or later. The associated EPSS score has remained flat at 0.0748 with no observed increase since publication.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-2665
Vulnerability details
Improper control of generation of code in the Sourcerer extension for Joomla in versions before 11.0.0 leads to a remote code execution vulnerability.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The CVE describes a remote code execution vulnerability in a public-facing Joomla extension that can be exploited by unauthenticated attackers over the network, directly mapping to exploitation of public-facing applications for initial access.
Mitigating Controls (NIST 800-53 r5)
SI-2 requires timely flaw remediation, directly addressing this RCE vulnerability by mandating upgrades to Sourcerer extension version 11.0.0 or later.
SI-10 enforces input validation to mitigate code injection (CWE-94) from improper code generation control in the Sourcerer extension.
RA-5 enables vulnerability scanning to identify the outdated Sourcerer extension vulnerable to this RCE prior to exploitation.