Adobe Commerce and Magento Open Source Path Traversal Vulnerability Allowing Security Feature Bypass

Vulnerability

A path traversal vulnerability has been identified in Adobe Commerce and Magento Open Source. Affected releases are Adobe Commerce 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier, and Magento Open Source 2.4.9-alpha1, 2.4.8-p1 and earlier, 2.4.7-p6 and earlier, 2.4.6-p11 and earlier, and 2.4.5-p13 and earlier. The root cause is improper limitation of a pathname to a restricted directory (CWE-22): a path supplied to the application is not confined to the directory the application intends, so a crafted path can reach a location the restriction was meant to exclude. The result is a security feature bypass that lets an attacker modify a limited set of data. Exploitation does not require user interaction.
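The advisory does not show the affected code path, so the following is an added illustration of the vulnerability class, not Magento's code: a textual prefix check on a joined path (the pattern behind most CWE-22 findings) beside a containment check that canonicalises first. The base directory /srv/app/var/export and the sample inputs are constructed for the demo; the directory does not need to exist.

```python
"""Path traversal: a prefix check on a joined path is not a containment check."""
import os

# Constructed example directory standing in for whatever restricted directory
# the application intends to confine file access to. It need not exist.
BASE_DIR = "/srv/app/var/export"

# Constructed sample inputs, in the decoded form a framework hands to code.
SAMPLE_INPUTS = [
    "report.csv",                   # legitimate name inside the base directory
    "../../etc/cron.d/job",         # classic dot-dot traversal
    "/etc/cron.d/job",              # absolute path
    "sub/../../../etc/cron.d/job",  # traversal hidden behind a harmless prefix
    "../export2/x",                 # sibling directory sharing the base as prefix
    "report.csv\x00.txt",           # NUL byte; C-backed filesystem calls truncate
]


def naive_join(base: str, user_path: str):
    """Vulnerable pattern: join, then test the textual prefix.

    os.path.join keeps '..' segments as text, so the prefix test passes for
    '../../etc/...' even though the filesystem resolves it outside base.
    Returns the path that would be used, or None when rejected.
    """
    candidate = os.path.join(base, user_path)
    if not candidate.startswith(base):
        return None
    return candidate


def safe_join(base: str, user_path: str):
    """Hardened pattern: reject NUL, resolve to a canonical absolute path,
    then check containment with commonpath instead of a string prefix
    (a prefix test would also accept '/srv/app/var/export2').
    Run this on the decoded form the framework delivers, never on raw
    request bytes, so the check sees the same path the filesystem will.
    """
    if "\x00" in user_path:
        return None
    base_real = os.path.realpath(base)
    candidate = os.path.realpath(os.path.join(base_real, user_path))
    if os.path.commonpath([base_real, candidate]) != base_real:
        return None
    return candidate


def is_unsafe(base: str, path: str) -> bool:
    """True when a path carries a NUL or, once canonicalised, lies outside base."""
    if "\x00" in path:
        return True
    base_real = os.path.realpath(base)
    return os.path.commonpath([base_real, os.path.realpath(path)]) != base_real


def compare(base: str = BASE_DIR, inputs=SAMPLE_INPUTS):
    """Map each sample input to (naive_check_accepted_an_unsafe_path, safe_check_accepted)."""
    results = {}
    for p in inputs:
        naive = naive_join(base, p)
        naive_bad = naive is not None and is_unsafe(base, naive)
        results[p] = (naive_bad, safe_join(base, p) is not None)
    return results


if __name__ == "__main__":
    for p, (naive_bad, safe_ok) in compare().items():
        print(f"{p!r:32} naive check let an unsafe path through: {naive_bad!s:5}"
              f"  hardened check accepted: {safe_ok}")
```

The naive check only stops the absolute-path case, because os.path.join discards the base when the second argument is absolute; every dot-dot variant, the sibling-prefix case and the NUL byte sail through. The hardened version accepts only the legitimate name.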

Impact

Successful exploitation bypasses a security feature and allows an attacker to modify a limited set of data without any user interaction.

Remediation

Update to Adobe Commerce or Magento Open Source 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, or 2.4.5-p14, choosing the release that matches the minor line you currently run. For Adobe Commerce B2B, update to 1.5.3-alpha2, 1.5.2-p2, 1.4.2-p7, 1.3.4-p14, or 1.3.3-p15. To confirm the installed version, run bin/magento --version from the Magento root, or check the version of magento/product-community-edition (magento/product-enterprise-edition for Adobe Commerce) recorded in composer.lock.

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread          6.4
impact          5.0
exploitability  7.6
remediation     7.7
relevance       0.3
threat          0.0
urgency         2.9
incentive       5.8

Our algorithm analyzes dozens of metrics to produce these eight vulnerability categories, which are then combined into the overall risk score.