CVE-2024-40749

CVE-2024-40749 is an improper access controls vulnerability (CWE-284) affecting the Joomla CMS core component. It enables unauthorized access to protected views across multiple core views. The issue carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating high severity primarily due to confidentiality impact.

Unauthenticated attackers with network access can exploit this vulnerability with low complexity and no user interaction required. Exploitation grants read access to sensitive data protected by access control lists, resulting in high confidentiality loss without impacting integrity or availability.

The official advisory from the Joomla Security Centre (https://developer.joomla.org/security-centre/956-20250103-core-read-acl-violation-in-multiple-core-views.html), published around January 3, 2025, provides details on the core read ACL violation and guidance for mitigation, including patches for affected Joomla versions. Security practitioners should review the advisory for version-specific remediation steps.