Adobe Commerce
Moderate fix6 remedies
cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*
Moderate fix6 remedies
- <= 2.4.9-alpha2
- <= 2.4.8-p2
- <= 2.4.7-p7
- <= 2.4.6-p12
- <= 2.4.5-p14
- <= 2.4.4-p15
Adobe Commerce and Magento Open Source Incorrect Authorization Vulnerability Allowing Unauthorized Read Access
Vulnerability
Patched
A vulnerability allowing incorrect authorization has been identified in Adobe Commerce and Magento Open Source. This issue affects several versions, including Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier, as well as Magento Open Source versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14 and earlier. The vulnerability allows attackers to bypass security measures and gain unauthorized read access, without requiring user interaction.
Impact
Exploitation of this vulnerability could lead to unauthorized read access, allowing attackers to bypass security measures and access sensitive information.
Remediation
Users are advised to update to the latest versions of Adobe Commerce or Magento Open Source. Instructions for updating can be found in the Adobe Security Bulletin APSB25-94.
Added: Oct 15, 2025, 12:05 AM
Updated: Oct 15, 2025, 12:05 AM
Vulnerability Rating
Custom Algorithm
spread
6.4impact
2.5exploitability
7.6remediation
7.7relevance
0.7threat
0.0urgency
2.9incentive
5.8Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.