CVE-2025-30085 PUBLISHED

Extension - rsjoomla.com - Remote code execution vulnerability in RSForm!pro component 3.0.0 - 3.3.14 for Joomla

Assigner: Joomla
Reserved: 16.03.2025 Published: 11.06.2025 Updated: 12.06.2025

Remote code execution vulnerability in RSForm!pro component 3.0.0 - 3.3.14 for Joomla was discovered. The issue occurs within the submission export feature and requires administrative access to the export feature.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:N/SA:N/S:N/AU:N/RE:L/U:Clear
CVSS Score: 9.2

Product Status

Vendor rsjoomla.com
Product RSform!Pro component for Joomla
Versions Default: unaffected
  • Version 3.0.0-3.3.14 is affected

Credits

  • Kamil Szczurowski finder
  • Robert Kruczek finder

References

Problem Types

  • CWE-94 Improper Control of Generation of Code ('Code Injection') CWE