What is the CVSS score of CVE-2025-32466?

CVE-2025-32466 has a CVSS 4.0 base score of 6.7 (Medium). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/S:N/AU:N/RE:L/U:Clear. EPSS exploitation probability: 0.1%.

Which versions of Joomla are affected by CVE-2025-32466?

CVE-2025-32466 presents notable security risk, a SQL injection vulnerability rated CVSS 6.7. Exploitation could allow attackers to execute code or inject malicious input.

How to fix or mitigate CVE-2025-32466?

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Validate input sanitization for user-controlled parameters.

Joomla CVE-2025-32466

EUVD-2025-18142 MEDIUM

SQL Injection (CWE-89)

2025-06-11 security@joomla.org

SQLi Joomla

6.7

CVSS 4.0

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/S:N/AU:N/RE:L/U:Clear

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

Scope

Lifecycle Timeline

EUVD ID Assigned

Mar 14, 2026 - 21:09 euvd

EUVD-2025-18142

Analysis Generated

Mar 14, 2026 - 21:09 vuln.today

CVE Published

Jun 11, 2025 - 20:15 nvd

MEDIUM 6.7

DescriptionNVD

A SQL injection vulnerability in RSMediaGallery! component 1.7.4 - 2.1.7 for Joomla was discovered. The issue occurs within the dashboard component, where user-supplied input is not properly sanitized before being stored and rendered. An attacker can inject malicious JavaScript code into text fields or other input points, which is subsequently executed in the browser of any user who clicks on the crafted text in the dashboard.

Analysis

Technical ContextAI

SQL injection occurs when user-supplied input is incorporated into SQL queries without proper sanitization or parameterized queries.

RemediationAI

Use parameterized queries or prepared statements. Apply input validation and escape special characters. Implement least-privilege database accounts.

CVE-2025-32466 vulnerability details – vuln.today

Back