CVE-2025-30085 | THREATINT

Description

Remote code execution vulnerability in RSForm!pro component 3.0.0 - 3.3.14 for Joomla was discovered. The issue occurs within the submission export feature and requires administrative access to the export feature.

PUBLISHED Reserved 2025-03-16 | Published 2025-06-11 | Updated 2025-06-12 | Assigner Joomla

CRITICAL: 9.2CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:N/SA:N/S:N/AU:N/RE:L/U:Clear

Problem types

CWE-94 Improper Control of Generation of Code ('Code Injection')

Product status

Default status

unaffected

3.0.0-3.3.14

affected

Credits

Kamil Szczurowski finder

Robert Kruczek finder

References

rsjoomla.com/ product

cve.org (CVE-2025-30085)

nvd.nist.gov (CVE-2025-30085)

Download JSON