Path Traversal Vulnerability in Adobe Commerce Products
CVE-2025-49559

5.3MEDIUM

Key Information:

Vendor: Adobe
Status: Adobe Commerce
Vendor: CVE Published:; 12 August 2025

What is CVE-2025-49559?

Adobe Commerce is susceptible to a path traversal vulnerability in multiple versions which allows attackers to bypass intended security measures. Attackers can exploit this weakness to modify limited data without requiring any user interaction, potentially leading to unauthorized access and manipulation of files within the application. The flaw affects Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, and earlier updates, emphasizing the necessity for timely patching to mitigate potential threats.

Affected Version(s)

Adobe Commerce 0 <= 2.4.4-p14

References

https://helpx.adobe.com/security/products/magento/apsb25-...

vendor-advisory

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 12, 2025
Vulnerability Reserved
Jun 6, 2025