Primary

Context

Adobe Commerce Cross-Site Request Forgery Vulnerability Leading to Denial-of-Service

Vulnerability

Patched

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier. This vulnerability could be exploited to create a denial-of-service condition. An attacker could manipulate a logged-in user into sending a forged request to the application, potentially disrupting service availability. Exploitation requires user interaction, such as clicking a malicious link or visiting an attacker-controlled website.

Impact

Exploitation of this vulnerability can lead to a denial-of-service condition, causing disruptions in service availability.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

1.3

exploitability

6.5

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

1.3

exploitability

6.5

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Adobe Commerce Cross-Site Request Forgery Vulnerability Leading to Denial-of-Service

Vulnerability

Impact

Affected Products

Adobe Commerce

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating