CVE-2025-22213
Inadequate checks in the Media Manager allowed users with “edit” privileges to change a file's extension to an arbitrary extension, including .php and other potentially executable extensions.
More information: https://developer.joomla.org/security-centre/961-20250301-core-malicious-file-uploads-via-media-managere-malicious-file-uploads-via-media-manager.html
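A server-side check on the rename target, of the kind the advisory describes as inadequate, written here as an added example and not Joomla's code or its actual fix. The function name `isRenameAllowed`, the allowlist and the executable-extension pattern are assumptions chosen for illustration.

```php
<?php
declare(strict_types=1);

// Added illustration, not Joomla's code. Names and lists are assumptions.
const ALLOWED_EXTENSIONS = ['jpg', 'jpeg', 'png', 'gif', 'webp', 'pdf', 'txt'];
// Segments a web server may hand to an interpreter, wherever they appear.
const EXECUTABLE_SEGMENT = '/^(php\d*|phtml|pht|phar|cgi|pl|py|asp|aspx|jsp|sh)$/';

function isRenameAllowed(string $newName): bool
{
    // A rename must stay in the same directory: no separators, no NUL bytes.
    if ($newName === '' || preg_match('#[/\\\\\x00]#', $newName) === 1) {
        return false;
    }
    // Windows strips trailing dots and spaces, which would change the
    // effective extension after this check has passed.
    if (rtrim($newName, '. ') !== $newName) {
        return false;
    }
    $segments = explode('.', strtolower($newName));
    $base = array_shift($segments);
    if ($base === '' || $segments === []) {
        return false; // dotfile such as ".htaccess", or no extension at all
    }
    // The final extension must be on the allowlist.
    if (!in_array(end($segments), ALLOWED_EXTENSIONS, true)) {
        return false;
    }
    // No earlier segment may look executable (double extensions).
    foreach ($segments as $segment) {
        if (preg_match(EXECUTABLE_SEGMENT, $segment) === 1) {
            return false;
        }
    }
    return true;
}

// Constructed sample rename targets.
$samples = ['logo.png', 'report.v2.pdf', 'logo.php', 'logo.php.jpg',
            'logo.PHP5', '.htaccess', 'a/b.png', 'logo.png.'];
foreach ($samples as $name) {
    printf("%-14s %s\n", $name, isRenameAllowed($name) ? 'allow' : 'reject');
}
```

The check runs on the new name at rename time, independently of whatever validation the file passed when it was first uploaded.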