Incorrect Authorization in Adobe Commerce Products
CVE-2025-24421
4.3 MEDIUM
Summary
Adobe Commerce versions up to 2.4.7-beta1 contain an Incorrect Authorization vulnerability that allows a low-privileged attacker to bypass security features and perform unauthorized actions. Exploitation does not require user interaction, so users of affected versions should apply the necessary updates to mitigate potential exploits.
Affected Version(s)
Adobe Commerce 0 <= 2.4.4-p11
CVSS V3.1
Score: 4.3
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved