Joomla! 2.5 Security Update Fixes Vulnerabilities
The first of these is caused by an unspecified programming error which could have allowed a malicious user to gain escalated privileges. The other hole is an error in random number generation when resetting passwords that could be exploited by an attacker to change a user’s password.
Versions 2.5.0 to 2.5.2 as well as all 1.7.x and 1.6.x releases are affected. The developers advise all users to upgrade to 2.5.3 to fix these problems. More details about the update can be found in the official release announcement and in the security advisories. Joomla! 2.5.3 is available to download from the project’s site and is licensed under the GPL.