Improper Access Control in Adobe Commerce Products
CVE-2025-24424

8.1HIGH

Key Information:

Vendor
Adobe
Status
Adobe Commerce
Vendor
CVE Published:
11 February 2025

Summary

Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are vulnerable due to an improper access control issue. This flaw may allow a low-privileged attacker to bypass inherent security mechanisms without needing user interaction, potentially leading to unauthorized access. Organizations using affected versions should review security measures and apply appropriate updates to mitigate risks.

Affected Version(s)

Adobe Commerce 0 <= 2.4.8-beta1

References

https://helpx.adobe.com/security/products/magento/apsb25-...
vendor-advisory

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.