Adobe Commerce
cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*
- <= 2.4.9-alpha1
- <= 2.4.8-p1
- <= 2.4.7-p6
- <= 2.4.6-p11
- <= 2.4.5-p13
- <= 2.4.4-p14
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in Adobe Commerce and Magento Open Source versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier. A high-privileged attacker could use it to escalate privileges by causing state-changing actions to be performed on behalf of an authenticated user: the forged request is issued by the victim's own browser with the victim's session attached, so it can result in unauthorized access to or modification of sensitive data. Exploitation requires user interaction; the victim must visit a malicious website or click a crafted link while holding an authenticated session.
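The advisory describes the generic CSRF pattern: a state-changing request is accepted because the browser attaches the victim's session cookie, with nothing proving the request originated from the application's own pages. The example below is added here to illustrate that pattern and its standard mitigation; it is not Adobe Commerce or Magento code, says nothing about which Adobe Commerce endpoint was affected, and the request shape, the `form_key` field name, the `admin_session` cookie name, the `https://shop.example` origin and the sample requests are all constructed for illustration.

```python
"""Illustrative CSRF check for a state-changing request (added example, not
Adobe Commerce / Magento code). It contrasts a handler that trusts the session
cookie alone with one that requires a per-session synchronizer token and a
matching Origin/Referer. All names and sample requests below are constructed."""
import hmac
import secrets
from dataclasses import dataclass
from urllib.parse import urlsplit

SITE_ORIGIN = "https://shop.example"          # assumed deployment origin
SESSION_COOKIE = "admin_session"              # assumed session cookie name
TOKEN_FIELD = "form_key"                      # assumed hidden form field name
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}


@dataclass
class Request:
    method: str
    headers: dict
    cookies: dict
    form: dict


@dataclass
class Session:
    token: str


def new_session() -> Session:
    # One unguessable token per session; embedded in every form the app renders.
    return Session(token=secrets.token_urlsafe(32))


def _origin_of(url: str) -> str:
    p = urlsplit(url)
    return f"{p.scheme}://{p.netloc}"


def vulnerable_authorizes(req: Request, session: Session) -> bool:
    """Session cookie is the only proof of intent. A cross-site form post made
    by a malicious page carries that cookie too, so the action is executed
    with the victim's privileges."""
    return SESSION_COOKIE in req.cookies


def hardened_authorizes(req: Request, session: Session) -> bool:
    """Requires (1) a state-changing method, (2) the session cookie,
    (3) Origin/Referer equal to our own origin, and (4) a form token that
    matches the session's token, compared in constant time."""
    if req.method.upper() not in STATE_CHANGING:
        return False                          # never mutate state on GET
    if SESSION_COOKIE not in req.cookies:
        return False
    source = req.headers.get("Origin") or req.headers.get("Referer")
    if not source or _origin_of(source) != SITE_ORIGIN:
        return False                          # cross-site or stripped source
    submitted = req.form.get(TOKEN_FIELD, "")
    return hmac.compare_digest(submitted.encode(), session.token.encode())


def session_cookie_header(value: str) -> str:
    """Defence in depth: SameSite=Lax stops the browser from attaching the
    cookie to top-level cross-site POSTs in the first place."""
    return f"{SESSION_COOKIE}={value}; Secure; HttpOnly; SameSite=Lax; Path=/"


# Constructed sample traffic ------------------------------------------------
SESSION = new_session()

LEGIT_REQUEST = Request(              # submitted from the app's own page
    method="POST",
    headers={"Origin": SITE_ORIGIN},
    cookies={SESSION_COOKIE: "s3ss10n"},
    form={TOKEN_FIELD: SESSION.token, "action": "update"},
)

FORGED_REQUEST = Request(             # auto-submitted form on a malicious site
    method="POST",
    headers={"Origin": "https://attacker.example"},
    cookies={SESSION_COOKIE: "s3ss10n"},  # browser attaches the victim's cookie
    form={"action": "update"},            # attacker cannot read the token
)

GET_REQUEST = Request(                # crafted link: state change via GET
    method="GET",
    headers={"Referer": SITE_ORIGIN + "/admin"},
    cookies={SESSION_COOKIE: "s3ss10n"},
    form={TOKEN_FIELD: SESSION.token, "action": "update"},
)


def compare_handlers() -> dict:
    """Returns the decision each handler makes for each constructed request."""
    return {
        "vulnerable_forged": vulnerable_authorizes(FORGED_REQUEST, SESSION),
        "hardened_forged": hardened_authorizes(FORGED_REQUEST, SESSION),
        "hardened_legit": hardened_authorizes(LEGIT_REQUEST, SESSION),
        "hardened_get": hardened_authorizes(GET_REQUEST, SESSION),
    }


if __name__ == "__main__":
    for name, accepted in compare_handlers().items():
        print(f"{name:18s} accepted={accepted}")
```

Run stand-alone it prints that the cookie-only handler accepts the forged request while the hardened one rejects it and the GET, yet still accepts the legitimate post. The token check is what closes the hole; the Origin/Referer check and the `SameSite` cookie attribute are layered on because either can be absent (privacy extensions strip Referer, older clients ignore SameSite), not because they are sufficient alone.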
Users are advised to update to Adobe Commerce or Magento Open Source versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12 or 2.4.5-p14. Instructions for updating can be found in the 2.4.x release notes.