Stored XSS Vulnerability in Adobe Commerce Products
CVE-2025-49557
8.7HIGH
What is CVE-2025-49557?
Adobe Commerce is impacted by a stored Cross-Site Scripting (XSS) vulnerability that allows low-privileged attackers to inject malicious scripts into form fields. Successful exploitation requires user interaction, as victims must visit a page containing the vulnerable field. Once injected, these scripts can lead to privilege escalation or compromise sensitive user data, putting both the application and users at significant risk.
Affected Version(s)
Adobe Commerce 0 <= 2.4.4-p14
References
CVSS V3.1
Score:
8.7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved