Race Condition Vulnerability in Adobe Commerce Software
CVE-2025-24430

3.7LOW

Key Information:

Vendor: Adobe
Status: Adobe Commerce
Vendor: CVE Published:; 11 February 2025

What is CVE-2025-24430?

Adobe Commerce is affected by a Time-of-check Time-of-use (TOCTOU) race condition vulnerability that can allow an attacker to bypass security mechanisms. This vulnerability occurs when the system's check on a condition can be altered by an attacker after the check has been performed but before the condition is utilized. Successful exploitation of this vulnerability necessitates user interaction, providing an opportunity for potential exploitation if proper safeguards are not enforced. Organizations utilizing affected versions of Adobe Commerce are urged to review their security measures and stay updated with the vendor's recommendations.

Affected Version(s)

Adobe Commerce 0 <= 2.4.8-beta1

References

https://helpx.adobe.com/security/products/magento/apsb25-...

vendor-advisory

CVSS V3.1

Score:

3.7

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 11, 2025
Vulnerability Reserved
Jan 21, 2025