Improper Authorization in Adobe Commerce Affects Multiple Versions
CVE-2025-43585

8.2HIGH

Key Information:

Vendor: Adobe
Status: Adobe Commerce
Vendor: CVE Published:; 10 June 2025

What is CVE-2025-43585?

Adobe Commerce is impacted by an improper authorization vulnerability allowing attackers to bypass security measures without needing user interaction. This loophole could result in unauthorized access and compromise the integrity of data within affected versions. Ensure your systems are updated to mitigate the risks associated with this vulnerability.

Affected Version(s)

Adobe Commerce 0 <= 2.4.4-p13

References

https://helpx.adobe.com/security/products/magento/apsb25-...

vendor-advisory

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 10, 2025
Vulnerability Reserved
Apr 16, 2025