Account Takeover Vulnerability in PrestaShop Checkout Payment Module
CVE-2025-61922

9.1CRITICAL

Key Information:

Vendor: Prestashopcorp
Status: Ps Checkout
Vendor: CVE Published:; 16 October 2025

🔔 Create Prestashopcorp Vulnerability Alert

What is CVE-2025-61922?

The PrestaShop Checkout payment module, in collaboration with PayPal, has a vulnerability that allows an attacker to exploit the Express Checkout feature through missing validation. This flaw facilitates silent login capabilities, making it possible for unauthorized parties to take over user accounts through exploited email addresses. The affected versions are 4.4.0 and earlier, as well as 5.0.4 and earlier. Users must upgrade to versions 4.4.1 or 5.0.5 to mitigate this security risk. Currently, no workarounds are available.

Affected Version(s)

ps_checkout < 4.4.1 < 4.4.1

ps_checkout >= 5.0.0, < 5.0.5 < 5.0.0, 5.0.5

References

https://github.com/PrestaShopCorp/ps_checkout/security/ad...

x_refsource_CONFIRM

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 16, 2025
Vulnerability Reserved
Oct 3, 2025

JSON