CVE-2025-30085 CRITICAL

CVE-2025-30085: Extension - rsjoomla.com - Remote code execution vulnerability in RSForm!pro component 3.0.0 - 3.3.14 for Joomla

Vendor Rsjoomla.com
Product RSform!Pro component for Joomla
Weakness CWE-94 · Code injection
Published June 11, 2025
Last update June 12, 2025

CVSS base score

9.2/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:N/SA:N/S:N/AU:N/RE:L/U:Clear

What the vulnerability does

01Description

Remote code execution vulnerability in RSForm!pro component 3.0.0 - 3.3.14 for Joomla was discovered. The issue occurs within the submission export feature and requires administrative access to the export feature.

Explanation of Vulnerability in Simple Terms

02Summary

RSform!Pro for Joomla contains a code injection vulnerability in versions 3.0.0 through 3.3.14. An authenticated administrator can inject and execute arbitrary PHP code on the site. This requires high-level admin access but allows complete site compromise once exploited.

What an attacker can do

03Attacker Capabilities

Run arbitrary PHP code on the site with full server privileges.

Potential impact on your site

04Site Impact

A compromised admin account can execute malicious code, steal data, modify content, or take the site offline.

Conditions required to exploit

05Prerequisites

Attacker must have administrator-level access to the Joomla site.

Key dates

06Disclosure timeline

June 11, 2025 CVE published
June 12, 2025 Record updated

Related vulnerabilities

08Related CVE