Race Condition Vulnerability in Adobe Commerce Products
CVE-2025-24432

4.2MEDIUM

Key Information:

Vendor
Adobe
Vendor
CVE Published:
11 February 2025

Summary

Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are susceptible to a time-of-check time-of-use (TOCTOU) race condition vulnerability, allowing a potential security feature bypass. This occurs when an attacker is able to exploit the timing difference between checking a condition and using it, which could potentially compromise security mechanisms. Successful exploitation requires user interaction, emphasizing the need for awareness and preventive measures to safeguard affected Adobe Commerce installations.

Affected Version(s)

Adobe Commerce 0 <= 2.4.8-beta1

References

CVSS V3.1

Score:
4.2
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.