Race Condition Vulnerability in Adobe Commerce Software
CVE-2025-24430

4.2MEDIUM

Key Information:

Vendor: Adobe
Status: Adobe Commerce
Vendor: CVE Published:; 11 February 2025

Summary

Adobe Commerce is affected by a Time-of-check Time-of-use (TOCTOU) race condition vulnerability that can allow an attacker to bypass security mechanisms. This vulnerability occurs when the system's check on a condition can be altered by an attacker after the check has been performed but before the condition is utilized. Successful exploitation of this vulnerability necessitates user interaction, providing an opportunity for potential exploitation if proper safeguards are not enforced. Organizations utilizing affected versions of Adobe Commerce are urged to review their security measures and stay updated with the vendor's recommendations.

Affected Version(s)

Adobe Commerce 0 <= 2.4.8-beta1

References

https://helpx.adobe.com/security/products/magento/apsb25-...

vendor-advisory

CVSS V3.1

Score:

4.2

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 11, 2025
Vulnerability Reserved
Jan 21, 2025