Cross-Site Request Forgery Vulnerability in Adobe Commerce
CVE-2025-27189

4.3MEDIUM

Key Information:

Vendor: Adobe
Status: Adobe Commerce
Vendor: CVE Published:; 8 April 2025

What is CVE-2025-27189?

Adobe Commerce is susceptible to a Cross-Site Request Forgery (CSRF) vulnerability that can lead to a denial-of-service situation. Attackers can exploit this flaw by deceiving authenticated users into executing unintended actions through forged requests. This typically involves user interaction, such as clicking on malicious links or accessing compromised websites, potentially disrupting the availability of the service and affecting user experience.

Affected Version(s)

Adobe Commerce 0 <= 2.4.8-beta2

References

https://helpx.adobe.com/security/products/magento/apsb25-...

vendor-advisory

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 8, 2025
Vulnerability Reserved
Feb 19, 2025