Adobe Commerce Path Traversal Vulnerability Leading to Security Feature Bypass

Vulnerability

A path traversal vulnerability (improper limitation of a pathname to a restricted directory) has been identified in Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier. An unauthenticated attacker could exploit it to modify files stored outside the restricted directory, potentially leading to a bypass of security features. Exploitation does not require any user interaction.
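
To triage an inventory against the version list above, the following added example (not Adobe's code and not part of the original entry) checks whether an installed version string falls at or below the listed bound for its release line. Assumptions: pre-release and patch suffixes order as alpha < beta < rc < release < -pN, release lines older than 2.4.4 count as "and earlier", and the function and variable names are hypothetical.

```python
import re

# Highest affected release per patch line, copied from the advisory text above.
AFFECTED_MAX = ["2.4.8-beta1", "2.4.7-p3", "2.4.6-p8", "2.4.5-p10", "2.4.4-p11"]

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-(alpha|beta|rc|p)(\d+))?$")
# Assumed ordering within one x.y.z line: alpha < beta < rc < release < -pN.
_STAGE_RANK = {"alpha": 0, "beta": 1, "rc": 2, None: 3, "p": 4}


def parse_version(text):
    """Return (line, stage) for strings such as '2.4.7-p3' or '2.4.8-beta1'."""
    m = _VERSION_RE.match(text.strip().lower())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    line = tuple(int(m.group(i)) for i in (1, 2, 3))
    # Suffix numbers compare numerically, so p10 sorts after p9.
    stage = (_STAGE_RANK[m.group(4)], int(m.group(5) or 0))
    return line, stage


def is_listed_affected(installed):
    """True if `installed` is at or below the advisory's bound for its line."""
    line, stage = parse_version(installed)
    bounds = dict(parse_version(v) for v in AFFECTED_MAX)
    if line in bounds:
        return stage <= bounds[line]
    # "and earlier": lines older than the oldest listed one are treated as
    # affected; lines newer than every listed one are not covered by the text.
    return line < min(bounds)


if __name__ == "__main__":
    # Constructed inventory, not taken from the advisory.
    for host, version in [("shop-a", "2.4.7-p3"), ("shop-b", "2.4.7-p4"),
                          ("shop-c", "2.4.3-p2"), ("shop-d", "2.4.8")]:
        state = "AFFECTED" if is_listed_affected(version) else "not listed"
        print(host, version, state)
```

A result of "not listed" only means the version is outside the ranges quoted in this entry; the vendor's own bulletin is the source for fixed releases.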

Impact

Exploitation of this vulnerability could result in unauthorized modification of files outside the restricted directory, bypassing security features.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 5.2
impact: 1.3
exploitability: 7.6
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.