Race Condition Vulnerability in Adobe Commerce Software
CVE-2025-24430

4.2MEDIUM

Key Information:

Vendor
Adobe
Vendor
CVE Published:
11 February 2025

Summary

Adobe Commerce is affected by a Time-of-check Time-of-use (TOCTOU) race condition vulnerability that can allow an attacker to bypass security mechanisms. This vulnerability occurs when the system's check on a condition can be altered by an attacker after the check has been performed but before the condition is utilized. Successful exploitation of this vulnerability necessitates user interaction, providing an opportunity for potential exploitation if proper safeguards are not enforced. Organizations utilizing affected versions of Adobe Commerce are urged to review their security measures and stay updated with the vendor's recommendations.

Affected Version(s)

Adobe Commerce 0 <= 2.4.8-beta1

References

CVSS V3.1

Score:
4.2
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.