Improper Authorization Vulnerability in Adobe Commerce
CVE-2025-24409
9.1CRITICAL
Summary
Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, and 2.4.4-p11, along with earlier versions, are susceptible to a vulnerability that enables attackers to bypass security measures due to improper authorization controls. This flaw could potentially allow unauthorized access, posing risks to both confidentiality and data integrity. Importantly, exploiting this vulnerability does not necessitate any user interaction, thereby increasing the threat profile for affected systems.
Affected Version(s)
Adobe Commerce 0 <= 2.4.8-beta1
References
CVSS V3.1
Score:
9.1
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved