Adobe Commerce and Magento Open Source Incorrect Authorization Vulnerability Allowing Security Feature Bypass

Vulnerability

A security feature bypass caused by incorrect authorization has been identified in Adobe Commerce and Magento Open Source. The affected releases are Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier, and Magento Open Source versions 2.4.8, 2.4.7-p5 and earlier, 2.4.6-p10 and earlier, and 2.4.5-p12 and earlier. The vulnerability could allow an attacker to bypass security measures and gain limited unauthorized access, although exploitation requires user interaction.

Impact

Exploitation of this vulnerability could lead to unauthorized access by bypassing security features, allowing attackers to gain limited access to the system.

Remediation

Users are advised to update to the latest version of Adobe Commerce or Magento Open Source. Instructions for updating can be found in the Adobe Security Bulletin APSB25-50.

Added: Jun 25, 2025, 7:18 PM
Updated: Jun 25, 2025, 7:18 PM

Vulnerability Rating

Custom Algorithm

spread: 6.4
impact: 1.3
exploitability: 6.5
remediation: 7.7
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.