How to fix EUVD-2025-32533?

Within 24 hours: Identify all affected systems running Joomla module mod_vvisit_counter and apply vendor patches immediately. Validate that input sanitization is in place for all user-controlled parameters.

Is Joomla affected by EUVD-2025-32533?

Organizations using Joomla module mod_vvisit_counter face critical risk from CVE-2025-40636, a SQL injection vulnerability rated CVSS 9.3. Successful exploitation could allow attackers to execute arbitrary code or commands on affected systems, potentially leading to full system compromise.

EUVD-2025-32533

| CVE-2025-40636 CRITICAL

2025-10-03 [email protected]

9.3

CVSS 4.0

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Lifecycle Timeline

EUVD ID Assigned

Mar 13, 2026 - 19:29 euvd

EUVD-2025-32533

Analysis Generated

Mar 13, 2026 - 19:29 vuln.today

CVE Published

Oct 03, 2025 - 12:15 nvd

CRITICAL 9.3

Description

SQL injection vulnerability in Joomla module mod_vvisit_counter v2.0.4j3. This vulnerability allows an attacker to retrieve database content via the ‘cip_vvisitcounter’ cookie at all endpoints where the plugin counts visits.

Analysis

SQL injection in Joomla mod_vvisit_counter v2.0.4j3.

Technical Context

CWE-89.

Affected Products

['mod_vvisit_counter v2.0.4j3']

Remediation

Update.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +46

POC: 0

EUVD-2025-32533 vulnerability details – vuln.today

Back

EUVD-2025-32533

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

EUVD-2025-32533

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code