PatchSiren cyber security CVE debrief
CVE-2018-25337 Unknown Vendor CVE debrief
CVE-2018-25337 describes a cross-site request forgery issue in Joomla JoomOCShop 1.0. A malicious page can cause an authenticated user’s browser to submit unwanted state-changing requests, including account edits and password-related actions, without the user’s consent.
- Vendor: Unknown Vendor
- Product: Unknown
- CVSS: MEDIUM 5.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-17
- Original CVE updated: 2026-05-18
- Advisory published: 2026-05-17
- Advisory updated: 2026-05-18
Who should care
Administrators and security teams responsible for Joomla sites that use JoomOCShop 1.0, especially any deployment exposing account-management endpoints such as profile edit or password-reset flows.
Technical summary
The supplied record identifies CWE-352 (CSRF). The issue affects account-related endpoints and allows unauthorized actions to be performed through a victim’s authenticated session when the application does not adequately verify request intent. The source material specifically cites endpoints such as /joomoc2/?route=account/edit and describes modification of user information or password resets without consent.
Defensive priority
Medium priority for any environment still running JoomOCShop 1.0, because the flaw can alter account data through trusted browser sessions and may affect customer-facing account workflows.
Recommended defensive actions
- Confirm whether JoomOCShop 1.0 is installed and in use on any Joomla instance.
- Apply a vendor fix or upgrade to a version that explicitly addresses CSRF protection, if available.
- Verify that all state-changing account endpoints require per-request CSRF tokens and reject missing or invalid tokens.
- Review profile-edit and password-change/reset flows for server-side validation, not just client-side checks.
- Temporarily disable or restrict access to affected account functions if no patched version is available.
- Audit recent account changes for signs of unauthorized edits or password activity.
- Add logging and alerting for unusual account-management requests originating from authenticated sessions.
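The server-side check the actions above call for, as an added illustration in Python; it is not JoomOCShop's or Joomla's own code. The site origin, the route names other than account/edit, and the form field name csrf_token are assumptions; the rejection reasons are the strings a site would log and alert on.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Constructed values: the origin and the route names are placeholders, not taken
# from the JoomOCShop code base. The advisory itself only names account/edit.
SITE_ORIGIN = "https://shop.example"
STATE_CHANGING_ROUTES = {"account/edit", "account/password", "account/forgotten"}


@dataclass
class Session:
    """Minimal server-side session holding one unpredictable token per login."""
    user_id: int
    csrf_token: str = field(default_factory=lambda: secrets.token_hex(32))


def token_field(session: Session) -> str:
    """Hidden input the server must render into every state-changing form."""
    return f'<input type="hidden" name="csrf_token" value="{session.csrf_token}">'


def check_request(session: Session, method: str, route: str,
                  form: dict, headers: dict) -> tuple[bool, str]:
    """Decide whether a request may change account state.

    Returns (allowed, reason); the reason is what to write to the audit log.
    """
    if route not in STATE_CHANGING_ROUTES:
        return True, "route does not change state"
    if method.upper() != "POST":
        return False, "state-changing route must be POSTed"
    # Defence in depth: browsers send Origin (or Referer) on cross-site form posts,
    # so a submission from another origin is rejected before the token is examined.
    source = headers.get("Origin") or headers.get("Referer")
    if source:
        parsed = urlparse(source)
        if f"{parsed.scheme}://{parsed.netloc}" != SITE_ORIGIN:
            return False, f"cross-origin submission from {parsed.scheme}://{parsed.netloc}"
    submitted = form.get("csrf_token")
    if not submitted:
        return False, "missing CSRF token"
    # Constant-time comparison so the token cannot be recovered byte by byte via timing.
    if not hmac.compare_digest(submitted.encode(), session.csrf_token.encode()):
        return False, "invalid CSRF token"
    return True, "CSRF token verified"
```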
Evidence notes
This debrief is based on the supplied NVD record and its referenced disclosure material. The record names Joomla JoomOCShop 1.0, classifies the weakness as CWE-352, and states that malicious HTML forms can target account endpoints to change user information or reset passwords. Vendor and product attribution in the supplied metadata is low-confidence, so the product identification should be treated carefully and validated against the installed extension.
Official resources
The supplied record shows the CVE published and modified on 2026-05-17. Use that timestamp as record metadata only; the source corpus does not establish the original flaw date. Corroborating references in the record include the Joomla JoomO