Information Disclosure in Saleor E-commerce Platform
CVE-2025-58442

5.3 MEDIUM

Key Information:

Vendor: Saleor
Status: Vendor
CVE Published: 9 September 2025

What is CVE-2025-58442?

The Saleor e-commerce platform has a vulnerability that allows attackers to infer the existence of registered users by querying specific fields during the user registration process. This issue affects versions from 3.21.0 to 3.21.15, where responses may unintentionally reveal whether an email address is already in use. The vulnerability has been addressed in version 3.21.16, and users are encouraged to either update their installations or implement rate limiting as a temporary mitigation measure.
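The defect class described above is an account-enumeration oracle: the registration endpoint answers differently depending on whether the e-mail is already registered. The following added example (not Saleor's code; the response shapes, the sample address list and the `RateLimiter` are constructed for illustration) contrasts a leaky handler with a uniform-response one, adds a defender check that confirms the two replies are indistinguishable, and sketches the per-client rate limiting the advisory names as a temporary mitigation.

```python
import time
from collections import defaultdict, deque

# Constructed sample of already-registered accounts (not real data).
REGISTERED_EMAILS = {"alice@example.com"}


def register_leaky(email: str) -> dict:
    """Pre-fix pattern: the reply itself tells the caller whether the address exists."""
    if email in REGISTERED_EMAILS:
        return {"errors": [{"field": "email", "code": "UNIQUE"}], "requiresConfirmation": None}
    return {"errors": [], "requiresConfirmation": True}


def register_uniform(email: str) -> dict:
    """Hardened pattern: identical reply regardless of account existence.
    The real outcome is communicated out-of-band (to the mailbox), never in the API reply."""
    if email in REGISTERED_EMAILS:
        pass  # hypothetical: notify the mailbox owner that an account already exists
    else:
        pass  # hypothetical: create the account and send the confirmation link
    return {"errors": [], "requiresConfirmation": True}


def responses_distinguishable(handler, known_email: str, unknown_email: str) -> bool:
    """Defender check: True if the handler's reply reveals account existence."""
    return handler(known_email) != handler(unknown_email)


class RateLimiter:
    """Sliding-window limit per client key (e.g. source IP), the advisory's temporary mitigation.
    It does not remove the oracle; it only slows down bulk probing until the fix is deployed."""

    def __init__(self, limit: int, window_s: float, clock=time.monotonic):
        self.limit, self.window_s, self.clock = limit, window_s, clock
        self._hits = defaultdict(deque)

    def allow(self, key: str) -> bool:
        now = self.clock()
        hits = self._hits[key]
        while hits and now - hits[0] > self.window_s:
            hits.popleft()  # drop hits that fell out of the window
        if len(hits) >= self.limit:
            return False
        hits.append(now)
        return True
```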

Affected Version(s)

saleor >= 3.21.0, < 3.21.16

References

CVSS V3.1

Score: 5.3
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability reserved