Account Hijacking Vulnerability in PrestaShop Checkout Payment Module
CVE-2025-61924

3.8 LOW

Key Information:

Vendor
CVE Published: 16 October 2025

What is CVE-2025-61924?

The PrestaShop Checkout payment module (ps_checkout), which works in partnership with PayPal, is affected by a vulnerability that allows account hijacking through improper use of the PHP array_search() function. In specific versions of the module, this flaw can lead to unauthorized access to a PayPal merchant account from the back office. Users need to update to version 4.4.1 or 5.0.5 to mitigate this risk, as there are no known workarounds.

Affected Version(s)

ps_checkout < 4.4.1

ps_checkout >= 5.0.0, < 5.0.5

CVSS V3.1

Score: 3.8
Severity: LOW
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
