CVE-2025-55757
BaseFortify
Publication date: 2025-10-25
Last updated on: 2025-10-27
Assigner: Joomla! Project
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| virtuemart | virtuemart | 4.6.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-55757 is an unauthenticated reflected cross-site scripting (XSS) vulnerability in VirtueMart versions 1.0.0 to 4.4.10 for Joomla. This means that an attacker can inject malicious scripts into web pages viewed by other users without needing to be logged in. The vulnerability arises from insufficient input filtering, which was addressed in VirtueMart version 4.6.0 by strengthening and permanently activating input filters to prevent such attacks. [1]
How can this vulnerability impact me?
This vulnerability can allow attackers to execute malicious scripts in the browsers of users visiting a vulnerable VirtueMart site. This can lead to theft of user credentials, session hijacking, defacement of the website, or distribution of malware. Since the vulnerability is unauthenticated, attackers do not need any special access to exploit it, increasing the risk to site users and administrators. [1]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should upgrade VirtueMart to version 4.6.0 or later, which includes enhanced input filtering functions that address the reflected XSS vulnerability. Note that version 4.6.0 is incompatible with Joomla 6, so plan accordingly. [1]