EUVD-2025-18141
Code Injection (CWE-94)
2025-06-11
security@joomla.org
9.2
CVSS 4.0
Share
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:N/SA:N/S:N/AU:N/RE:L/U:Clear
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
N
Lifecycle Timeline
3
EUVD ID Assigned
Mar 14, 2026 - 21:09 euvd
EUVD-2025-18141
Analysis Generated
Mar 14, 2026 - 21:09 vuln.today
CVE Published
Jun 11, 2025 - 20:15 nvd
CRITICAL 9.2
DescriptionNVD
Remote code execution vulnerability in RSForm!pro component 3.0.0 - 3.3.14 for Joomla was discovered. The issue occurs within the submission export feature and requires administrative access to the export feature.
AnalysisAI
A remote code execution vulnerability (CVSS 9.2). Critical severity with potential for significant impact on affected systems.
Technical ContextAI
CWE-94 (Code Injection). CVSS 9.2 indicates critical severity with likely remote exploitation vector.
RemediationAI
Monitor vendor channels for patch availability. Implement input validation and WAF rules as interim mitigation.
Share
External POC / Exploit Code
Leaving vuln.today
Destination URL
POC code from unknown sources may be malicious, contain backdoors, or be fake.
Always review and test exploit code in a safe, isolated environment (VM/sandbox).
Verify the source reputation and cross-reference with known databases (Exploit-DB, GitHub Security).