CVE-2025-25225

MEDIUM

Hikashop <5.1.3 - Privilege Escalation

Title source: llm

Description

A privilege escalation vulnerability in the Hikashop component versions 1.0.0-5.1.3 for Joomla allows authenticated attackers (administrator) to escalate their privileges to Super Admin Permissions.

References (2)

Core 2

Core References

Product product

https://www.hikashop.com/

Third Party Advisory third-party-advisory

https://github.com/AdamWallwork/CVEs/tree/main/2025/CVE-2025-25225

View Writeup ZIP pw:eip

Scores

CVSS v3 6.5

EPSS 0.0002

EPSS Percentile 5.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-284

Status published

Products (1)

hikashop/hikashop 1.0.0 - 5.1.3

Published Mar 15, 2025

Tracked Since Feb 18, 2026