Joomla 5.2.5 security release

On Tuesday, March 11, 2025, Joomla 5.2.5 was released. This is a security release that fixes a security issue in Joomla 5.x related to the Media Manager.

Fixed security issue

This security update fixes a security issue in Joomla's Media Manager:

• [20250301] - Core - Malicious file uploads via Media Manager

Due to insufficient checks in the Media Manager, users logged into the back-end with "create" permissions could upload and create executable PHP files. This meant they could potentially upload and run harmful code.

Fixed bugs and improvements in Joomla 5.2.5

• Fix set front editing option from CLI after installation (#44978)
• Redesign carousel implementation to reflect documentation - bug fix (#44951)
• com_contact: Send Copy to Submitter does not work anymore (#44947)
• Disable compatibility plugin for system tests (#44944)
• Add border to the last element in media breadcrumbs (#44937)
• PHP Deprecated: trim(): Passing null to parameter #1 ($string) of type string is deprecated (#44934)
• Set column alias for BannerTable, fix warning on Save As Copy (#44932)
• Translation update (#44933)

A full list of fixed issues can be found on GitHub: https://github.com/joomla/joomla-cms/milestone/139?closed=1

This is expected to be the last release in the Joomla 5.2 series. The release of Joomla 5.3 is planned for Tuesday, April 15, 2025. Upgrading from Joomla 5.2 to Joomla 5.3 will be a regular update.

Need help updating or migrating to Joomla 5.2? Contact us.