Cyber Posture

CVE-2025-22204

Critical · RCE

Published: 04 February 2025
Modified: 04 June 2025
KEV Added
Patch
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0748 (91.8th percentile)
Risk Priority: 24 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-22204 is a critical-severity Code Injection (CWE-94) vulnerability in Regularlabs Sourcerer. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 8.2% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) (AI)

Prevent: SI-2 requires timely flaw remediation, directly addressing this RCE vulnerability by mandating upgrades to Sourcerer extension version 11.0.0 or later.

Prevent: SI-10 enforces input validation to mitigate code injection (CWE-94) from improper code generation control in the Sourcerer extension.

Detect: RA-5 enables vulnerability scanning to identify the outdated Sourcerer extension vulnerable to this RCE prior to exploitation.

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Why these techniques?

The CVE describes a remote code execution vulnerability in a public-facing Joomla extension that can be exploited by unauthenticated attackers over the network, directly mapping to exploitation of public-facing applications for initial access.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Improper control of generation of code in the sourcerer extension for Joomla in versions before 11.0.0 leads to a remote code execution vulnerability.

Deeper analysis (AI)

CVE-2025-22204 is a remote code execution vulnerability stemming from improper control of code generation (CWE-94) in the Sourcerer extension for Joomla, affecting versions prior to 11.0.0. Published on 2025-02-04, the issue carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its potential for high-impact compromise across confidentiality, integrity, and availability.

The vulnerability can be exploited by unauthenticated remote attackers with network access, requiring low complexity and no user interaction. Exploitation enables arbitrary code execution on the affected Joomla instance, granting attackers full control over the server hosting the extension.

Mitigation requires upgrading the Sourcerer extension to version 11.0.0 or later. Additional details are available from the vendor at https://regularlabs.com/sourcerer.

Details

CWE(s)

Affected Products

Vendor: regularlabs
Product: sourcerer
Versions: ≤ 11.0.0

CVEs Like This One

CVE-2025-23209 (shared CWE-94)
CVE-2026-39440 (shared CWE-94)
CVE-2026-3300 (shared CWE-94)
CVE-2025-6389 (shared CWE-94)
CVE-2025-8723 (shared CWE-94)
CVE-2025-34277 (shared CWE-94)
CVE-2025-57141 (shared CWE-94)
CVE-2024-48818 (shared CWE-94)
CVE-2025-10679 (shared CWE-94)
CVE-2025-9321 (shared CWE-94)
